2020-09-16 20:29:18 +08:00
|
|
|
package services
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
import (
|
|
|
|
|
"context"
|
2021-01-20 10:08:06 +08:00
|
|
|
"encoding/base64"
|
|
|
|
|
"encoding/json"
|
2024-07-27 14:15:25 +08:00
|
|
|
|
2021-01-20 10:08:06 +08:00
|
|
|
teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
2021-04-14 20:02:21 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models/authority"
|
2021-01-20 10:08:06 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/encrypt"
|
2020-11-24 15:02:44 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
2022-01-19 16:53:52 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/rpc"
|
2020-11-24 15:02:44 +08:00
|
|
|
rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
|
2021-01-20 10:08:06 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
2020-11-24 15:02:44 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
2021-01-01 23:31:30 +08:00
|
|
|
"github.com/iwind/TeaGo/dbs"
|
2021-01-20 10:08:06 +08:00
|
|
|
"github.com/iwind/TeaGo/lists"
|
|
|
|
|
"github.com/iwind/TeaGo/maps"
|
2023-06-16 08:17:00 +08:00
|
|
|
"google.golang.org/grpc/codes"
|
2021-01-20 10:08:06 +08:00
|
|
|
"google.golang.org/grpc/metadata"
|
2023-06-16 08:17:00 +08:00
|
|
|
"google.golang.org/grpc/status"
|
2020-11-24 15:02:44 +08:00
|
|
|
)
|
|
|
|
|
|
2020-09-16 20:29:18 +08:00
|
|
|
type BaseService struct {
|
|
|
|
|
}
|
2020-11-24 15:02:44 +08:00
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// ValidateAdmin 校验管理员
|
2022-07-22 14:35:17 +08:00
|
|
|
func (this *BaseService) ValidateAdmin(ctx context.Context) (adminId int64, err error) {
|
2021-07-11 18:05:57 +08:00
|
|
|
_, _, reqUserId, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
|
2020-11-27 09:57:21 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
return reqUserId, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// ValidateAdminAndUser 校验管理员和用户
|
2022-09-17 16:07:37 +08:00
|
|
|
func (this *BaseService) ValidateAdminAndUser(ctx context.Context, canRest bool) (adminId int64, userId int64, err error) {
|
2021-07-11 18:05:57 +08:00
|
|
|
reqUserType, _, reqUserId, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser)
|
2020-11-24 15:02:44 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
adminId = int64(0)
|
|
|
|
|
userId = int64(0)
|
|
|
|
|
switch reqUserType {
|
|
|
|
|
case rpcutils.UserTypeAdmin:
|
|
|
|
|
adminId = reqUserId
|
2021-01-03 21:37:47 +08:00
|
|
|
if adminId < 0 { // 允许AdminId = 0
|
2020-11-25 21:19:22 +08:00
|
|
|
err = errors.New("invalid 'adminId'")
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-11-24 15:02:44 +08:00
|
|
|
case rpcutils.UserTypeUser:
|
|
|
|
|
userId = reqUserId
|
2022-07-22 15:05:30 +08:00
|
|
|
if userId < 0 { // 允许等于0
|
2020-11-25 21:19:22 +08:00
|
|
|
err = errors.New("invalid 'userId'")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
err = errors.New("invalid user type")
|
2020-11-24 15:02:44 +08:00
|
|
|
}
|
2020-11-25 21:19:22 +08:00
|
|
|
|
2022-09-17 16:07:37 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if userId > 0 && !canRest && rpcutils.IsRest(ctx) {
|
|
|
|
|
err = errors.New("can not be called by rest")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// ValidateNode 校验边缘节点
|
2020-12-03 18:19:22 +08:00
|
|
|
func (this *BaseService) ValidateNode(ctx context.Context) (nodeId int64, err error) {
|
2021-07-11 18:05:57 +08:00
|
|
|
_, _, nodeId, err = rpcutils.ValidateRequest(ctx, rpcutils.UserTypeNode)
|
2020-12-03 18:19:22 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-22 18:42:57 +08:00
|
|
|
// ValidateNSNode 校验DNS节点
|
|
|
|
|
func (this *BaseService) ValidateNSNode(ctx context.Context) (nodeId int64, err error) {
|
|
|
|
|
_, _, nodeId, err = rpcutils.ValidateRequest(ctx, rpcutils.UserTypeDNS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ValidateUserNode 校验用户节点
|
2022-09-17 16:07:37 +08:00
|
|
|
func (this *BaseService) ValidateUserNode(ctx context.Context, canRest bool) (userId int64, err error) {
|
|
|
|
|
// 不允许REST调用
|
|
|
|
|
if !canRest && rpcutils.IsRest(ctx) {
|
|
|
|
|
err = errors.New("can not be called by rest")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-11 18:05:57 +08:00
|
|
|
_, _, userId, err = rpcutils.ValidateRequest(ctx, rpcutils.UserTypeUser)
|
2020-12-14 21:25:11 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-22 18:42:57 +08:00
|
|
|
// ValidateAuthorityNode 校验认证节点
|
|
|
|
|
func (this *BaseService) ValidateAuthorityNode(ctx context.Context) (nodeId int64, err error) {
|
2021-07-11 18:05:57 +08:00
|
|
|
_, _, nodeId, err = rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAuthority)
|
2021-04-13 21:23:26 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ValidateNodeId 获取节点ID
|
2021-01-20 10:08:06 +08:00
|
|
|
func (this *BaseService) ValidateNodeId(ctx context.Context, roles ...rpcutils.UserType) (role rpcutils.UserType, nodeIntId int64, err error) {
|
2022-01-06 16:25:23 +08:00
|
|
|
// 默认包含大部分节点
|
|
|
|
|
if len(roles) == 0 {
|
2023-10-12 20:11:21 +08:00
|
|
|
roles = []rpcutils.UserType{rpcutils.UserTypeNode, rpcutils.UserTypeCluster, rpcutils.UserTypeAdmin, rpcutils.UserTypeUser, rpcutils.UserTypeDNS, rpcutils.UserTypeReport, rpcutils.UserTypeLog, rpcutils.UserTypeAPI}
|
2022-01-06 16:25:23 +08:00
|
|
|
}
|
|
|
|
|
|
2021-01-20 10:08:06 +08:00
|
|
|
if ctx == nil {
|
|
|
|
|
err = errors.New("context should not be nil")
|
|
|
|
|
role = rpcutils.UserTypeNone
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
|
|
|
if !ok {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("context: need 'nodeId'")
|
|
|
|
|
}
|
|
|
|
|
nodeIds := md.Get("nodeid")
|
|
|
|
|
if len(nodeIds) == 0 || len(nodeIds[0]) == 0 {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("context: need 'nodeId'")
|
|
|
|
|
}
|
|
|
|
|
nodeId := nodeIds[0]
|
|
|
|
|
|
|
|
|
|
// 获取角色Node信息
|
|
|
|
|
// TODO 缓存节点ID相关信息
|
|
|
|
|
apiToken, err := models.SharedApiTokenDAO.FindEnabledTokenWithNode(nil, nodeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, err
|
|
|
|
|
}
|
|
|
|
|
if apiToken == nil {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("context: can not find api token for node '" + nodeId + "'")
|
|
|
|
|
}
|
|
|
|
|
if !lists.ContainsString(roles, apiToken.Role) {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("context: unsupported role '" + apiToken.Role + "'")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tokens := md.Get("token")
|
|
|
|
|
if len(tokens) == 0 || len(tokens[0]) == 0 {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("context: need 'token'")
|
|
|
|
|
}
|
|
|
|
|
token := tokens[0]
|
|
|
|
|
|
|
|
|
|
data, err := base64.StdEncoding.DecodeString(token)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
method, err := encrypt.NewMethodInstance(teaconst.EncryptMethod, apiToken.Secret, nodeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
utils.PrintError(err)
|
|
|
|
|
return rpcutils.UserTypeNone, 0, err
|
|
|
|
|
}
|
|
|
|
|
data, err = method.Decrypt(data)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, err
|
|
|
|
|
}
|
|
|
|
|
if len(data) == 0 {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("invalid token")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m := maps.Map{}
|
|
|
|
|
err = json.Unmarshal(data, &m)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return rpcutils.UserTypeNone, 0, errors.New("decode token error: " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-05 11:37:22 +08:00
|
|
|
role = apiToken.Role
|
2021-01-20 10:08:06 +08:00
|
|
|
switch apiToken.Role {
|
|
|
|
|
case rpcutils.UserTypeNode:
|
|
|
|
|
nodeIntId, err = models.SharedNodeDAO.FindEnabledNodeIdWithUniqueId(nil, nodeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return rpcutils.UserTypeNode, 0, errors.New("context: " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
|
|
|
|
return rpcutils.UserTypeNode, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
|
|
|
|
}
|
|
|
|
|
case rpcutils.UserTypeCluster:
|
|
|
|
|
nodeIntId, err = models.SharedNodeClusterDAO.FindEnabledClusterIdWithUniqueId(nil, nodeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return rpcutils.UserTypeCluster, 0, errors.New("context: " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
|
|
|
|
return rpcutils.UserTypeCluster, 0, errors.New("context: not found cluster with id '" + nodeId + "'")
|
|
|
|
|
}
|
|
|
|
|
case rpcutils.UserTypeUser:
|
|
|
|
|
nodeIntId, err = models.SharedUserNodeDAO.FindEnabledUserNodeIdWithUniqueId(nil, nodeId)
|
|
|
|
|
case rpcutils.UserTypeAdmin:
|
|
|
|
|
nodeIntId = 0
|
2021-05-26 14:40:05 +08:00
|
|
|
case rpcutils.UserTypeDNS:
|
2021-08-08 15:47:48 +08:00
|
|
|
nodeIntId, err = models.SharedNSNodeDAO.FindEnabledNodeIdWithUniqueId(nil, nodeId)
|
2021-09-05 11:10:18 +08:00
|
|
|
case rpcutils.UserTypeReport:
|
|
|
|
|
nodeIntId, err = models.SharedReportNodeDAO.FindEnabledNodeIdWithUniqueId(nil, nodeId)
|
2021-04-14 20:02:21 +08:00
|
|
|
case rpcutils.UserTypeAuthority:
|
|
|
|
|
nodeIntId, err = authority.SharedAuthorityNodeDAO.FindEnabledAuthorityNodeIdWithUniqueId(nil, nodeId)
|
2021-01-20 10:08:06 +08:00
|
|
|
default:
|
|
|
|
|
err = errors.New("unsupported user role '" + apiToken.Role + "'")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// Success 返回成功
|
2020-11-24 15:02:44 +08:00
|
|
|
func (this *BaseService) Success() (*pb.RPCSuccess, error) {
|
2020-11-24 17:36:47 +08:00
|
|
|
return &pb.RPCSuccess{}, nil
|
2020-11-24 15:02:44 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// SuccessCount 返回数字
|
2020-11-24 17:36:47 +08:00
|
|
|
func (this *BaseService) SuccessCount(count int64) (*pb.RPCCountResponse, error) {
|
2020-11-24 15:02:44 +08:00
|
|
|
return &pb.RPCCountResponse{Count: count}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-30 19:59:49 +08:00
|
|
|
// Exists 返回是否存在
|
|
|
|
|
func (this *BaseService) Exists(b bool) (*pb.RPCExists, error) {
|
|
|
|
|
return &pb.RPCExists{Exists: b}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// PermissionError 返回权限错误
|
2020-11-24 15:02:44 +08:00
|
|
|
func (this *BaseService) PermissionError() error {
|
|
|
|
|
return errors.New("Permission Denied")
|
|
|
|
|
}
|
2021-01-01 23:31:30 +08:00
|
|
|
|
2022-10-15 19:16:08 +08:00
|
|
|
func (this *BaseService) NotImplementedYet() error {
|
2023-06-16 08:17:00 +08:00
|
|
|
return status.Error(codes.Unimplemented, "not implemented yet")
|
2022-10-15 19:16:08 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// NullTx 空的数据库事务
|
2021-01-01 23:31:30 +08:00
|
|
|
func (this *BaseService) NullTx() *dbs.Tx {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2021-01-11 18:16:04 +08:00
|
|
|
|
2021-04-13 21:23:26 +08:00
|
|
|
// RunTx 在当前数据中执行一个事务
|
2021-01-11 18:16:04 +08:00
|
|
|
func (this *BaseService) RunTx(callback func(tx *dbs.Tx) error) error {
|
|
|
|
|
db, err := dbs.Default()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return db.RunTx(callback)
|
|
|
|
|
}
|
2022-01-19 16:53:52 +08:00
|
|
|
|
|
|
|
|
// BeginTag 开始标签统计
|
|
|
|
|
func (this *BaseService) BeginTag(ctx context.Context, name string) {
|
|
|
|
|
if !teaconst.Debug {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
traceCtx, ok := ctx.(*rpc.Context)
|
|
|
|
|
if ok {
|
|
|
|
|
traceCtx.Begin(name)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// EndTag 结束标签统计
|
|
|
|
|
func (this *BaseService) EndTag(ctx context.Context, name string) {
|
|
|
|
|
if !teaconst.Debug {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
traceCtx, ok := ctx.(*rpc.Context)
|
|
|
|
|
if ok {
|
|
|
|
|
traceCtx.End(name)
|
|
|
|
|
}
|
|
|
|
|
}
|
