evan/next-terminal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

完善资产的授权功能

Browse Source
This commit is contained in:
dushixiang
2021-01-15 22:13:46 +08:00
parent f38c77c202
commit 1a3f7acd1e
11 changed files with 390 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
pkg/api/asset.go
View File

@ -1,6 +1,7 @@
package api
import (
"errors"
"github.com/labstack/echo/v4"
"next-terminal/pkg/model"
"next-terminal/pkg/utils"
@ -31,7 +32,17 @@ func AssetPagingEndpoint(c echo.Context) error {
protocol := c.QueryParam("protocol")
tags := c.QueryParam("tags")
items, total, _ := model.FindPageAsset(pageIndex, pageSize, name, protocol, tags)
var (
total int64
items []model.AssetVo
)
account, _ := GetCurrentAccount(c)
if account.Role == model.RoleUser {
items, total, _ = model.FindPageAsset(pageIndex, pageSize, name, protocol, tags, account.ID)
} else {
items, total, _ = model.FindPageAsset(pageIndex, pageSize, name, protocol, tags, "")
}
return Success(c, H{
"total": total,
@ -124,3 +135,27 @@ func AssetTagsEndpoint(c echo.Context) (err error) {
}
return Success(c, items)
}
func AssetChangeOwnerEndpoint(c echo.Context) (err error) {
id := c.Param("id")
if err := PreCheckAssetPermission(c, id); err != nil {
return err
}
owner := c.QueryParam("owner")
model.UpdateAssetById(&model.Asset{Owner: owner}, id)
return Success(c, "")
}
func PreCheckAssetPermission(c echo.Context, id string) error {
item, err := model.FindAssetById(id)
if err != nil {
return err
}
if !HasPermission(c, item.Owner) {
return errors.New("permission denied")
}
return nil
}

30
pkg/api/credential.go
View File

@ -1,6 +1,7 @@
package api
import (
"errors"
"github.com/labstack/echo/v4"
"next-terminal/pkg/model"
"next-terminal/pkg/utils"
@ -79,6 +80,10 @@ func CredentialPagingEndpoint(c echo.Context) error {
func CredentialUpdateEndpoint(c echo.Context) error {
id := c.Param("id")
if err := PreCheckCredentialPermission(c, id); err != nil {
return err
}
var item model.Credential
if err := c.Bind(&item); err != nil {
return err
@ -118,6 +123,9 @@ func CredentialDeleteEndpoint(c echo.Context) error {
id := c.Param("id")
split := strings.Split(id, ",")
for i := range split {
if err := PreCheckCredentialPermission(c, split[i]); err != nil {
return err
}
model.DeleteCredentialById(split[i])
}
@ -126,17 +134,39 @@ func CredentialDeleteEndpoint(c echo.Context) error {
func CredentialGetEndpoint(c echo.Context) error {
id := c.Param("id")
item, err := model.FindCredentialById(id)
if err != nil {
return err
}
if !HasPermission(c, item.Owner) {
return errors.New("permission denied")
}
return Success(c, item)
}
func CredentialChangeOwnerEndpoint(c echo.Context) error {
id := c.Param("id")
if err := PreCheckCredentialPermission(c, id); err != nil {
return err
}
owner := c.QueryParam("owner")
model.UpdateCredentialById(&model.Credential{Owner: owner}, id)
return Success(c, "")
}
func PreCheckCredentialPermission(c echo.Context, id string) error {
item, err := model.FindCredentialById(id)
if err != nil {
return err
}
if !HasPermission(c, item.Owner) {
return errors.New("permission denied")
}
return nil
}

3
pkg/api/resource.go
View File

@ -18,9 +18,10 @@ func ResourceGetAssignEndPoint(c echo.Context) error {
func ResourceOverwriteAssignEndPoint(c echo.Context) error {
resourceId := c.Param("id")
userIds := c.QueryParam("userIds")
resourceType := c.QueryParam("type")
uIds := strings.Split(userIds, ",")
model.OverwriteUserIdsByResourceId(resourceId, uIds)
model.OverwriteUserIdsByResourceId(resourceId, resourceType, uIds)
return Success(c, "")
}

17
pkg/api/routes.go
View File

@ -60,6 +60,7 @@ func SetupRoutes() *echo.Echo {
assets.PUT("/:id", AssetUpdateEndpoint)
assets.DELETE("/:id", AssetDeleteEndpoint)
assets.GET("/:id", AssetGetEndpoint)
assets.POST("/:id/change-owner", AssetChangeOwnerEndpoint)
}
e.GET("/tags", AssetTagsEndpoint)
@ -157,3 +158,19 @@ func GetCurrentAccount(c echo.Context) (model.User, bool) {
}
return model.User{}, false
}
func HasPermission(c echo.Context, owner string) bool {
// 检测是否为创建者
account, found := GetCurrentAccount(c)
if !found {
return false
}
if model.RoleAdmin == account.Role {
return true
}
if owner == account.ID {
return true
}
return false
}

8
pkg/handle/runner.go
View File

@ -18,7 +18,7 @@ func RunTicker() {
c := cron.New(cron.WithSeconds()) //精确到秒
// 定时任务,每隔一小时删除一次未使用的会话信息
_, _ = c.AddFunc("0 0/1 0/1 * * ?", func() {
_, _ = c.AddFunc("0 0 0/1 * * ?", func() {
sessions, _ := model.FindSessionByStatusIn([]string{model.NoConnect, model.Connecting})
if sessions != nil && len(sessions) > 0 {
now := time.Now()
@ -26,7 +26,7 @@ func RunTicker() {
if now.Sub(sessions[i].ConnectedTime.Time) > time.Hour*1 {
model.DeleteSessionById(sessions[i].ID)
s := sessions[i].Username + "@" + sessions[i].IP + ":" + strconv.Itoa(sessions[i].Port)
logrus.Debugf("会话「%v」ID「%v」超过1小时未打开已删除。", s, sessions[i].ID)
logrus.Infof("会话「%v」ID「%v」超过1小时未打开已删除。", s, sessions[i].ID)
}
}
}
@ -37,11 +37,11 @@ func RunTicker() {
sessions, _ := model.FindSessionByStatus(model.Connected)
if sessions != nil && len(sessions) > 0 {
for i := range sessions {
_, found := global.Cache.Get(sessions[i].ID)
_, found := global.Store.Get(sessions[i].ID)
if !found {
api.CloseSessionById(sessions[i].ID, api.Normal, "")
s := sessions[i].Username + "@" + sessions[i].IP + ":" + strconv.Itoa(sessions[i].Port)
logrus.Debugf("会话「%v」ID「%v」已离线修改状态为「关闭」。", s, sessions[i].ID)
logrus.Infof("会话「%v」ID「%v」已离线修改状态为「关闭」。", s, sessions[i].ID)
}
}
}

32
pkg/model/asset.go
View File

@ -26,16 +26,17 @@ type Asset struct {
}
type AssetVo struct {
ID string `json:"id"`
Name string `json:"name"`
IP string `json:"ip"`
Protocol string `json:"protocol"`
Port int `json:"port"`
Active bool `json:"active"`
Created utils.JsonTime `json:"created"`
Tags string `json:"tags"`
Owner string `json:"owner"`
OwnerName string `json:"ownerName"`
ID string `json:"id"`
Name string `json:"name"`
IP string `json:"ip"`
Protocol string `json:"protocol"`
Port int `json:"port"`
Active bool `json:"active"`
Created utils.JsonTime `json:"created"`
Tags string `json:"tags"`
Owner string `json:"owner"`
OwnerName string `json:"ownerName"`
SharerCount int64 `json:"sharerCount"`
}
func (r *Asset) TableName() string {
@ -57,9 +58,14 @@ func FindAssetByConditions(protocol string) (o []Asset, err error) {
return
}
func FindPageAsset(pageIndex, pageSize int, name, protocol, tags string) (o []AssetVo, total int64, err error) {
db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name").Joins("left join users on assets.owner = users.id")
dbCounter := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name").Joins("left join users on assets.owner = users.id")
func FindPageAsset(pageIndex, pageSize int, name, protocol, tags, owner string) (o []AssetVo, total int64, err error) {
db := global.DB.Table("assets").Select("assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name,COUNT(resources.user_id) as sharer_count").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id").Group("assets.id")
dbCounter := global.DB.Table("assets").Select("DISTINCT assets.id,assets.name,assets.ip,assets.port,assets.protocol,assets.active,assets.owner,assets.created, users.nickname as owner_name").Joins("left join users on assets.owner = users.id").Joins("left join resources on assets.id = resources.resource_id")
if len(owner) > 0 {
db = db.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
dbCounter = dbCounter.Where("assets.owner = ? or resources.user_id = ?", owner, owner)
}
if len(name) > 0 {
db = db.Where("assets.name like ?", "%"+name+"%")

7
pkg/model/credential.go
View File

@ -38,7 +38,12 @@ type CredentialVo struct {
SharerCount int64 `json:"sharerCount"`
}
func FindAllCredential() (o []Credential, err error) {
type CredentialSimpleVo struct {
ID string `json:"id"`
Name string `json:"name"`
}
func FindAllCredential() (o []CredentialSimpleVo, err error) {
err = global.DB.Find(&o).Error
return
}

18
pkg/model/resource.go
View File

@ -6,9 +6,10 @@ import (
)
type Resource struct {
ID string `gorm:"primary_key" json:"name"`
ResourceId string `json:"resourceId"`
UserId string `json:"userId"`
ID string `gorm:"primary_key" json:"name"`
ResourceId string `json:"resourceId"`
ResourceType string `json:"resourceType"`
UserId string `json:"userId"`
}
func (r *Resource) TableName() string {
@ -24,7 +25,7 @@ func FindUserIdsByResourceId(resourceId string) (r []string, err error) {
return
}
func OverwriteUserIdsByResourceId(resourceId string, userIds []string) {
func OverwriteUserIdsByResourceId(resourceId, resourceType string, userIds []string) {
db := global.DB.Begin()
db.Where("resource_id = ?", resourceId).Delete(&Resource{})
@ -33,11 +34,12 @@ func OverwriteUserIdsByResourceId(resourceId string, userIds []string) {
if len(userId) == 0 {
continue
}
id := utils.Sign([]string{resourceId, userId})
id := utils.Sign([]string{resourceId, resourceType, userId})
resource := &Resource{
ID: id,
ResourceId: resourceId,
UserId: userId,
ID: id,
ResourceId: resourceId,
ResourceType: resourceType,
UserId: userId,
}
_ = db.Create(resource).Error
}