EdgeAPI/internal/rpc/utils/utils.go

package rpcutils

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"errors"
	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
	"github.com/TeaOSLab/EdgeAPI/internal/encrypt"
	"github.com/TeaOSLab/EdgeAPI/internal/utils"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/iwind/TeaGo/lists"
	"github.com/iwind/TeaGo/maps"
	"google.golang.org/grpc/metadata"
	"time"
)

type UserType = string

const (
	UserTypeNone     = "none"
	UserTypeAdmin    = "admin"
	UserTypeUser     = "user"
	UserTypeProvider = "provider"
	UserTypeNode     = "node"
	UserTypeMonitor  = "monitor"
	UserTypeStat     = "stat"
	UserTypeDNS      = "dns"
	UserTypeLog      = "log"
	UserTypeAPI      = "api"
)

// 校验请求
func ValidateRequest(ctx context.Context, userTypes ...UserType) (userType UserType, userId int64, err error) {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return UserTypeNone, 0, errors.New("context: need 'nodeId'")
	}
	nodeIds := md.Get("nodeid")
	if len(nodeIds) == 0 || len(nodeIds[0]) == 0 {
		return UserTypeNone, 0, errors.New("context: need 'nodeId'")
	}
	nodeId := nodeIds[0]

	// 获取角色Node信息
	// TODO 缓存节点ID相关信息
	apiToken, err := models.SharedApiTokenDAO.FindEnabledTokenWithNode(nodeId)
	if err != nil {
		utils.PrintError(err)
		return UserTypeNone, 0, err
	}
	nodeUserId := int64(0)
	if apiToken == nil {
		return UserTypeNode, 0, errors.New("context: invalid api token")
	}

	tokens := md.Get("token")
	if len(tokens) == 0 || len(tokens[0]) == 0 {
		return UserTypeNone, 0, errors.New("context: need 'token'")
	}
	token := tokens[0]

	data, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return UserTypeNone, 0, err
	}

	method, err := encrypt.NewMethodInstance(teaconst.EncryptMethod, apiToken.Secret, nodeId)
	if err != nil {
		utils.PrintError(err)
		return UserTypeNone, 0, err
	}
	data, err = method.Decrypt(data)
	if err != nil {
		return UserTypeNone, 0, err
	}
	if len(data) == 0 {
		return UserTypeNone, 0, errors.New("invalid token")
	}

	m := maps.Map{}
	err = json.Unmarshal(data, &m)
	if err != nil {
		return UserTypeNone, 0, errors.New("decode token error: " + err.Error())
	}

	timestamp := m.GetInt64("timestamp")
	if time.Now().Unix()-timestamp > 600 {
		// 请求超过10分钟认为超时
		return UserTypeNone, 0, errors.New("authenticate timeout")
	}

	t := m.GetString("type")
	if len(userTypes) > 0 && !lists.ContainsString(userTypes, t) {
		return UserTypeNone, 0, errors.New("not supported user type: '" + userType + "'")
	}

	switch apiToken.Role {
	case UserTypeNode:
		nodeIntId, err := models.SharedNodeDAO.FindEnabledNodeIdWithUniqueId(nodeId)
		if err != nil {
			return UserTypeNode, 0, errors.New("context: " + err.Error())
		}
		if nodeIntId <= 0 {
			return UserTypeNode, 0, errors.New("context: not found node with id '" + nodeId + "'")
		}
		nodeUserId = nodeIntId
	}

	if nodeUserId > 0 {
		return t, nodeUserId, nil
	} else {
		return t, m.GetInt64("userId"), nil
	}
}

// 返回Update成功信息
func RPCUpdateSuccess() (*pb.RPCUpdateSuccess, error) {
	return &pb.RPCUpdateSuccess{}, nil
}

// 返回Delete成功信息
func RPCDeleteSuccess() (*pb.RPCDeleteSuccess, error) {
	return &pb.RPCDeleteSuccess{}, nil
}

// 包装错误
func Wrap(description string, err error) error {
	if err == nil {
		return errors.New(description)
	}
	return errors.New(description + ": " + err.Error())
}
阶段性提交 2020-07-29 19:02:28 +08:00			`package rpcutils`

			`import (`
			`"context"`
			`"encoding/base64"`
			`"encoding/json"`
			`"errors"`
			`teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"`
			`"github.com/TeaOSLab/EdgeAPI/internal/db/models"`
			`"github.com/TeaOSLab/EdgeAPI/internal/encrypt"`
			`"github.com/TeaOSLab/EdgeAPI/internal/utils"`
简化代码/增加HTTPPage服务 2020-09-17 10:16:00 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
阶段性提交 2020-07-29 19:02:28 +08:00			`"github.com/iwind/TeaGo/lists"`
			`"github.com/iwind/TeaGo/maps"`
			`"google.golang.org/grpc/metadata"`
			`"time"`
			`)`

			`type UserType = string`

			`const (`
			`UserTypeNone = "none"`
			`UserTypeAdmin = "admin"`
			`UserTypeUser = "user"`
			`UserTypeProvider = "provider"`
			`UserTypeNode = "node"`
			`UserTypeMonitor = "monitor"`
			`UserTypeStat = "stat"`
			`UserTypeDNS = "dns"`
			`UserTypeLog = "log"`
初步实现安装界面 2020-10-13 20:05:13 +08:00			`UserTypeAPI = "api"`
阶段性提交 2020-07-29 19:02:28 +08:00			`)`

			`// 校验请求`
			`func ValidateRequest(ctx context.Context, userTypes ...UserType) (userType UserType, userId int64, err error) {`
			`md, ok := metadata.FromIncomingContext(ctx)`
			`if !ok {`
			`return UserTypeNone, 0, errors.New("context: need 'nodeId'")`
			`}`
			`nodeIds := md.Get("nodeid")`
			`if len(nodeIds) == 0 \|\| len(nodeIds[0]) == 0 {`
			`return UserTypeNone, 0, errors.New("context: need 'nodeId'")`
			`}`
			`nodeId := nodeIds[0]`

阶段性提交 2020-08-21 12:32:33 +08:00			`// 获取角色Node信息`
阶段性提交 2020-09-06 16:19:54 +08:00			`// TODO 缓存节点ID相关信息`
阶段性提交 2020-07-29 19:02:28 +08:00			`apiToken, err := models.SharedApiTokenDAO.FindEnabledTokenWithNode(nodeId)`
			`if err != nil {`
			`utils.PrintError(err)`
			`return UserTypeNone, 0, err`
			`}`
阶段性提交 2020-08-21 12:32:33 +08:00			`nodeUserId := int64(0)`
阶段性提交 2020-07-29 19:02:28 +08:00			`if apiToken == nil {`
初步实现安装界面 2020-10-13 20:05:13 +08:00			`return UserTypeNode, 0, errors.New("context: invalid api token")`
阶段性提交 2020-07-29 19:02:28 +08:00			`}`

			`tokens := md.Get("token")`
			`if len(tokens) == 0 \|\| len(tokens[0]) == 0 {`
			`return UserTypeNone, 0, errors.New("context: need 'token'")`
			`}`
			`token := tokens[0]`

			`data, err := base64.StdEncoding.DecodeString(token)`
			`if err != nil {`
			`return UserTypeNone, 0, err`
			`}`

			`method, err := encrypt.NewMethodInstance(teaconst.EncryptMethod, apiToken.Secret, nodeId)`
			`if err != nil {`
			`utils.PrintError(err)`
			`return UserTypeNone, 0, err`
			`}`
			`data, err = method.Decrypt(data)`
			`if err != nil {`
			`return UserTypeNone, 0, err`
			`}`
			`if len(data) == 0 {`
			`return UserTypeNone, 0, errors.New("invalid token")`
			`}`

			`m := maps.Map{}`
			`err = json.Unmarshal(data, &m)`
			`if err != nil {`
			`return UserTypeNone, 0, errors.New("decode token error: " + err.Error())`
			`}`

			`timestamp := m.GetInt64("timestamp")`
			`if time.Now().Unix()-timestamp > 600 {`
			`// 请求超过10分钟认为超时`
			`return UserTypeNone, 0, errors.New("authenticate timeout")`
			`}`

			`t := m.GetString("type")`
			`if len(userTypes) > 0 && !lists.ContainsString(userTypes, t) {`
			`return UserTypeNone, 0, errors.New("not supported user type: '" + userType + "'")`
			`}`

自动创建默认集群 2020-10-14 18:44:34 +08:00			`switch apiToken.Role {`
			`case UserTypeNode:`
			`nodeIntId, err := models.SharedNodeDAO.FindEnabledNodeIdWithUniqueId(nodeId)`
			`if err != nil {`
			`return UserTypeNode, 0, errors.New("context: " + err.Error())`
			`}`
			`if nodeIntId <= 0 {`
			`return UserTypeNode, 0, errors.New("context: not found node with id '" + nodeId + "'")`
			`}`
			`nodeUserId = nodeIntId`
			`}`

阶段性提交 2020-08-21 12:32:33 +08:00			`if nodeUserId > 0 {`
			`return t, nodeUserId, nil`
			`} else {`
			`return t, m.GetInt64("userId"), nil`
			`}`
阶段性提交 2020-07-29 19:02:28 +08:00			`}`
简化代码/增加HTTPPage服务 2020-09-17 10:16:00 +08:00
实现路径规则部分功能 2020-09-21 19:51:56 +08:00			`// 返回Update成功信息`
简化代码/增加HTTPPage服务 2020-09-17 10:16:00 +08:00			`func RPCUpdateSuccess() (*pb.RPCUpdateSuccess, error) {`
			`return &pb.RPCUpdateSuccess{}, nil`
			`}`
实现路径规则部分功能 2020-09-21 19:51:56 +08:00
			`// 返回Delete成功信息`
			`func RPCDeleteSuccess() (*pb.RPCDeleteSuccess, error) {`
			`return &pb.RPCDeleteSuccess{}, nil`
			`}`
实现websocket基本功能 2020-09-26 19:54:15 +08:00
			`// 包装错误`
			`func Wrap(description string, err error) error {`
			`if err == nil {`
			`return errors.New(description)`
			`}`
			`return errors.New(description + ": " + err.Error())`
			`}`