evan/next-terminal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

完善资源隔离和授权管理

Browse Source
This commit is contained in:
dushixiang 2021-01-16 17:29:20 +08:00
parent 44110722b2
commit 11c1ac23e4
16 changed files with 120 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
main.go
View File

@ -85,7 +85,8 @@ func Run() error {
return err
}
if len(model.FindAllUser()) == 0 {
users := model.FindAllUser()
if len(users) == 0 {
var pass []byte
if pass, err = utils.Encoder.Encode([]byte("admin")); err != nil {
@ -97,11 +98,23 @@ func Run() error {
Username: "admin",
Password: string(pass),
Nickname: "超级管理员",
Type: model.TypeAdmin,
Created: utils.NowJsonTime(),
}
if err := model.CreateNewUser(&user); err != nil {
return err
}
} else {
for i := range users {
// 修正默认用户类型为管理员
if users[i].Type == "" {
user := model.User{
Type: model.TypeAdmin,
}
model.UpdateUserById(&user, users[i].ID)
logrus.Infof("自动修正用户「%v」ID「%v」类型为管理员", users[i].Nickname, users[i].ID)
}
}
}
if err := global.DB.AutoMigrate(&model.Asset{}); err != nil {

6
pkg/api/asset.go
View File

@ -52,6 +52,9 @@ func AssetAllEndpoint(c echo.Context) error {
func AssetUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
if err := PreCheckAssetPermission(c, id); err != nil {
return err
}
var item model.Asset
if err := c.Bind(&item); err != nil {
@ -91,6 +94,9 @@ func AssetDeleteEndpoint(c echo.Context) error {
id := c.Param("id")
split := strings.Split(id, ",")
for i := range split {
if err := PreCheckAssetPermission(c, id); err != nil {
return err
}
model.DeleteAssetById(split[i])
}

6
pkg/api/command.go
View File

@ -44,6 +44,9 @@ func CommandPagingEndpoint(c echo.Context) error {
func CommandUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
if err := PreCheckCommandPermission(c, id); err != nil {
return err
}
var item model.Command
if err := c.Bind(&item); err != nil {
@ -59,6 +62,9 @@ func CommandDeleteEndpoint(c echo.Context) error {
id := c.Param("id")
split := strings.Split(id, ",")
for i := range split {
if err := PreCheckCommandPermission(c, id); err != nil {
return err
}
model.DeleteCommandById(split[i])
}
return Success(c, nil)

13
pkg/api/middleware.go
View File

@ -21,6 +21,9 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
func Auth(next echo.HandlerFunc) echo.HandlerFunc {
urls := []string{"download", "recording", "login", "static", "favicon", "logo"}
permissionUrls := H{
"/users": "admin",
}
return func(c echo.Context) error {
// 路由拦截 - 登录身份、资源权限判断等
@ -37,7 +40,15 @@ func Auth(next echo.HandlerFunc) echo.HandlerFunc {
authorization, found := global.Cache.Get(token)
if !found {
logrus.Debugf("您的登录信息已失效,请重新登录后再试。")
return Fail(c, 403, "您的登录信息已失效,请重新登录后再试。")
return Fail(c, 401, "您的登录信息已失效,请重新登录后再试。")
}
for url := range permissionUrls {
if strings.HasPrefix(c.Request().RequestURI, url) {
if authorization.(Authorization).User.Type != permissionUrls[url] {
return Fail(c, 403, "permission denied")
}
}
}
if authorization.(Authorization).Remember {

2
pkg/api/routes.go
View File

@ -166,7 +166,7 @@ func HasPermission(c echo.Context, owner string) bool {
if !found {
return false
}
if model.RoleAdmin == account.Role {
if model.TypeAdmin == account.Type {
return true
}

4
pkg/model/asset.go
View File

@ -51,7 +51,7 @@ func FindAllAsset() (o []Asset, err error) {
func FindAssetByConditions(protocol string, account User) (o []Asset, err error) {
db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id")
if RoleUser == account.Role {
if TypeUser == account.Type {
owner := account.ID
db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
}
@ -67,7 +67,7 @@ func FindPageAsset(pageIndex, pageSize int, name, protocol, tags string, account
db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id")
dbCounter := global.DB.Table("assets").Select("DISTINCT assets.id").Joins("left join resources on assets.id = resources.resource_id")
if RoleUser == account.Role {
if TypeUser == account.Type {
owner := account.ID
db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
dbCounter = dbCounter.Where("assets.owner = ? or resources.user_id = ?", owner, owner)

2
pkg/model/command.go
View File

@ -32,7 +32,7 @@ func FindPageCommand(pageIndex, pageSize int, name, content string, account User
db := global.DB.Table("commands").Select("commands.id,commands.name,commands.content,commands.owner,commands.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on commands.owner = users.id").Joins("left join resources on commands.id = resources.resource_id").Group("commands.id")
dbCounter := global.DB.Table("commands").Select("DISTINCT commands.id").Joins("left join resources on commands.id = resources.resource_id")
if RoleUser == account.Role {
if TypeUser == account.Type {
owner := account.ID
db = db.Where("commands.owner = ? or resources.user_id = ?", owner, owner)
dbCounter = dbCounter.Where("commands.owner = ? or resources.user_id = ?", owner, owner)

4
pkg/model/credential.go
View File

@ -45,7 +45,7 @@ type CredentialSimpleVo struct {
func FindAllCredential(account User) (o []CredentialSimpleVo, err error) {
db := global.DB.Table("credentials").Select("DISTINCT credentials.id,credentials.name").Joins("left join resources on credentials.id = resources.resource_id")
if account.Role == RoleUser {
if account.Type == TypeUser {
db = db.Where("credentials.owner = ? or resources.user_id = ?", account.ID, account.ID)
}
err = db.Find(&o).Error
@ -56,7 +56,7 @@ func FindPageCredential(pageIndex, pageSize int, name string, account User) (o [
db := global.DB.Table("credentials").Select("credentials.id,credentials.name,credentials.type,credentials.username,credentials.owner,credentials.created,users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on credentials.owner = users.id").Joins("left join resources on credentials.id = resources.resource_id").Group("credentials.id")
dbCounter := global.DB.Table("credentials").Select("DISTINCT credentials.id").Joins("left join resources on credentials.id = resources.resource_id")
if RoleUser == account.Role {
if TypeUser == account.Type {
owner := account.ID
db = db.Where("credentials.owner = ? or resources.user_id = ?", owner, owner)
dbCounter = dbCounter.Where("credentials.owner = ? or resources.user_id = ?", owner, owner)

6
pkg/model/user.go
View File

@ -7,8 +7,8 @@ import (
)
const (
RoleUser = "user"
RoleAdmin = "admin"
TypeUser = "user"
TypeAdmin = "admin"
)
type User struct {
@ -20,7 +20,7 @@ type User struct {
Online bool `json:"online"`
Enabled bool `json:"enabled"`
Created utils.JsonTime `json:"created"`
Role string `json:"role"`
Type string `json:"type"`
}
func (r *User) TableName() string {

19
web/src/App.js
View File

@ -25,8 +25,8 @@ import {
MenuFoldOutlined,
MenuUnfoldOutlined,
SettingOutlined,
SolutionOutlined,
UserOutlined
SolutionOutlined, TeamOutlined,
UserOutlined, UserSwitchOutlined
} from '@ant-design/icons';
import Info from "./components/user/Info";
import request from "./common/request";
@ -188,11 +188,26 @@ class App extends Component {
</Menu.Item>
</SubMenu>
{/*<SubMenu key='user-team' title='用户管理' icon={<UserSwitchOutlined />}>*/}
{/* <Menu.Item key="team" icon={<TeamOutlined />}>*/}
{/* <Link to={'/team'}>*/}
{/* 用户组管理*/}
{/* </Link>*/}
{/* </Menu.Item>*/}
{/* <Menu.Item key="user" icon={<UserOutlined/>}>*/}
{/* <Link to={'/user'}>*/}
{/* 用户管理*/}
{/* </Link>*/}
{/* </Menu.Item>*/}
{/*</SubMenu>*/}
<Menu.Item key="user" icon={<UserOutlined/>}>
<Link to={'/user'}>
用户管理
</Link>
</Menu.Item>
</> : undefined
}

55
web/src/common/request.js
View File

@ -11,22 +11,25 @@ axios.defaults.baseURL = server;
const handleError = (error) => {
if ("Network Error" === error.toString()) {
message.error('网络异常');
return;
return false;
}
if (error.response !== undefined && error.response.status === 403) {
if (error.response !== undefined && error.response.status === 401) {
window.location.href = '#/login';
return;
return false;
}
if (error.response !== undefined) {
// message.error(error.response.data.message);
message.error(error.response.data.message);
return false;
}
return true;
};
const handleResult = (result) => {
if (result['code'] === 403) {
if (result['code'] === 401) {
window.location.href = '#/login';
return;
return false;
}
return true;
}
const request = {
@ -37,11 +40,15 @@ const request = {
return new Promise((resolve, reject) => {
axios.get(url, {headers: headers})
.then((response) => {
handleResult(response.data);
if (!handleResult(response.data)) {
return;
}
resolve(response.data);
})
.catch((error) => {
handleError(error);
if (!handleError(error)) {
return;
}
reject(error);
});
})
@ -54,11 +61,15 @@ const request = {
return new Promise((resolve, reject) => {
axios.post(url, params, {headers: headers})
.then((response) => {
handleResult(response.data);
if (!handleResult(response.data)) {
return;
}
resolve(response.data);
})
.catch((error) => {
handleError(error);
if (!handleError(error)) {
return;
}
reject(error);
});
})
@ -71,11 +82,15 @@ const request = {
return new Promise((resolve, reject) => {
axios.put(url, params, {headers: headers})
.then((response) => {
handleResult(response.data);
if (!handleResult(response.data)) {
return;
}
resolve(response.data);
})
.catch((error) => {
handleError(error);
if (!handleError(error)) {
return;
}
reject(error);
});
})
@ -87,11 +102,15 @@ const request = {
return new Promise((resolve, reject) => {
axios.delete(url, {headers: headers})
.then((response) => {
handleResult(response.data);
if (!handleResult(response.data)) {
return;
}
resolve(response.data);
})
.catch((error) => {
handleError(error);
if (!handleError(error)) {
return;
}
reject(error);
});
})
@ -103,11 +122,15 @@ const request = {
return new Promise((resolve, reject) => {
axios.patch(url, params, {headers: headers})
.then((response) => {
handleResult(response.data);
if (!handleResult(response.data)) {
return;
}
resolve(response.data);
})
.catch((error) => {
handleError(error);
if (!handleError(error)) {
return;
}
reject(error);
});
})

3
web/src/components/session/OfflineSession.js
View File

@ -298,9 +298,8 @@ class OfflineSession extends Component {
<div>
<Button type="link" size='small'
disabled={disabled}
icon={<PlaySquareTwoTone twoToneColor={color}/>}
onClick={() => this.showPlayback(record.id)}>回放</Button>
<Button type="link" size='small' icon={<DeleteTwoTone/>} onClick={() => {
<Button type="link" size='small' onClick={() => {
confirm({
title: '您确定要删除此会话吗?',
content: '',

14
web/src/components/user/User.js
View File

@ -264,21 +264,21 @@ class User extends Component {
dataIndex: 'nickname',
key: 'nickname',
}, {
title: '用户角色',
dataIndex: 'role',
key: 'role',
render: (role, record) => {
title: '用户类型',
dataIndex: 'type',
key: 'type',
render: (text, record) => {
if (role === 'user') {
if (text === 'user') {
return (
<Tag>普通用户</Tag>
);
} else if (role === 'admin') {
} else if (text === 'admin') {
return (
<Tag color="blue">管理用户</Tag>
);
} else {
return role;
return text;
}
}

4
web/src/components/user/UserModal.js
View File

@ -19,7 +19,7 @@ const UserModal = ({title, visible, handleOk, handleCancel, confirmLoading, mode
form
.validateFields()
.then(values => {
form.resetFields();
// form.resetFields();
handleOk(values);
})
.catch(info => {
@ -44,7 +44,7 @@ const UserModal = ({title, visible, handleOk, handleCancel, confirmLoading, mode
<Input placeholder="请输入用户昵称"/>
</Form.Item>
<Form.Item label="用户角色" name='role' rules={[{required: true, message: '请选择用户角色'}]}>
<Form.Item label="用户类型" name='type' rules={[{required: true, message: '请选择用户角色'}]}>
<Radio.Group >
<Radio value={'user'}>普通用户</Radio>
<Radio value={'admin'}>管理用户</Radio>

7
web/src/service/TreeNodeService.js
View File

@ -1,7 +0,0 @@
import request from "../common/request";
const treeNodeService = {
};
export default treeNodeService;

10
web/src/service/permission.js
View File

@ -1,7 +1,9 @@
import {isEmpty} from "../utils/utils";
export function hasPermission(owner) {
let userJsonStr = sessionStorage.getItem('user');
let user = JSON.parse(userJsonStr);
if (user['role'] === 'admin') {
if (user['type'] === 'admin') {
return true;
}
@ -10,7 +12,9 @@ export function hasPermission(owner) {
export function isAdmin(){
let userJsonStr = sessionStorage.getItem('user');
if(isEmpty(userJsonStr)){
return false;
}
let user = JSON.parse(userJsonStr);
return user['role'] === 'admin';
return user['type'] === 'admin';
}