2020-07-29 19:02:28 +08:00
|
|
|
package rpcutils
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/base64"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"errors"
|
|
|
|
|
teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
2021-06-01 16:43:00 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models/authority"
|
2020-07-29 19:02:28 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/encrypt"
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
|
|
|
|
"github.com/iwind/TeaGo/lists"
|
|
|
|
|
"github.com/iwind/TeaGo/maps"
|
|
|
|
|
"google.golang.org/grpc/metadata"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type UserType = string
|
|
|
|
|
|
|
|
|
|
const (
|
2021-04-13 20:01:21 +08:00
|
|
|
UserTypeNone = "none"
|
|
|
|
|
UserTypeAdmin = "admin"
|
|
|
|
|
UserTypeUser = "user"
|
|
|
|
|
UserTypeProvider = "provider"
|
|
|
|
|
UserTypeNode = "node"
|
|
|
|
|
UserTypeCluster = "cluster"
|
|
|
|
|
UserTypeMonitor = "monitor"
|
|
|
|
|
UserTypeStat = "stat"
|
|
|
|
|
UserTypeDNS = "dns"
|
|
|
|
|
UserTypeLog = "log"
|
|
|
|
|
UserTypeAPI = "api"
|
|
|
|
|
UserTypeAuthority = "authority"
|
2021-09-05 11:10:18 +08:00
|
|
|
UserTypeReport = "report"
|
2020-07-29 19:02:28 +08:00
|
|
|
)
|
|
|
|
|
|
2021-04-13 20:01:21 +08:00
|
|
|
// ValidateRequest 校验请求
|
2021-07-11 18:05:57 +08:00
|
|
|
func ValidateRequest(ctx context.Context, userTypes ...UserType) (userType UserType, resultNodeId int64, userId int64, err error) {
|
2021-01-01 20:49:09 +08:00
|
|
|
if ctx == nil {
|
|
|
|
|
err = errors.New("context should not be nil")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 支持直接认证
|
|
|
|
|
plainCtx, ok := ctx.(*PlainContext)
|
|
|
|
|
if ok {
|
|
|
|
|
userType = plainCtx.UserType
|
|
|
|
|
userId = plainCtx.UserId
|
|
|
|
|
|
|
|
|
|
if len(userTypes) > 0 && !lists.ContainsString(userTypes, userType) {
|
|
|
|
|
userType = UserTypeNone
|
|
|
|
|
userId = 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if userId <= 0 {
|
|
|
|
|
err = errors.New("context: can not find user or permission denied")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 16:40:03 +08:00
|
|
|
// 是否是模拟测试
|
2021-01-26 18:41:02 +08:00
|
|
|
{
|
|
|
|
|
mockCtx, isMock := ctx.(*MockNodeContext)
|
|
|
|
|
if isMock {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNode, 0, mockCtx.NodeId, nil
|
2021-01-26 18:41:02 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
mockCtx, isMock := ctx.(*MockAdminNodeContext)
|
|
|
|
|
if isMock {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeAdmin, 0, mockCtx.AdminId, nil
|
2021-01-26 18:41:02 +08:00
|
|
|
}
|
2021-01-25 16:40:03 +08:00
|
|
|
}
|
|
|
|
|
|
2020-07-29 19:02:28 +08:00
|
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
|
|
|
if !ok {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, errors.New("context: need 'nodeId'")
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
nodeIds := md.Get("nodeid")
|
|
|
|
|
if len(nodeIds) == 0 || len(nodeIds[0]) == 0 {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, errors.New("context: need 'nodeId'")
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
nodeId := nodeIds[0]
|
|
|
|
|
|
2020-08-21 12:32:33 +08:00
|
|
|
// 获取角色Node信息
|
2021-01-21 10:06:59 +08:00
|
|
|
apiToken, err := models.SharedApiTokenDAO.FindEnabledTokenWithNodeCacheable(nil, nodeId)
|
2020-07-29 19:02:28 +08:00
|
|
|
if err != nil {
|
|
|
|
|
utils.PrintError(err)
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, err
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
2020-08-21 12:32:33 +08:00
|
|
|
nodeUserId := int64(0)
|
2020-07-29 19:02:28 +08:00
|
|
|
if apiToken == nil {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNode, 0, 0, errors.New("context: can not find api token for node '" + nodeId + "'")
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tokens := md.Get("token")
|
|
|
|
|
if len(tokens) == 0 || len(tokens[0]) == 0 {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, errors.New("context: need 'token'")
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
token := tokens[0]
|
|
|
|
|
|
|
|
|
|
data, err := base64.StdEncoding.DecodeString(token)
|
|
|
|
|
if err != nil {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, err
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
method, err := encrypt.NewMethodInstance(teaconst.EncryptMethod, apiToken.Secret, nodeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
utils.PrintError(err)
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, err
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
data, err = method.Decrypt(data)
|
|
|
|
|
if err != nil {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, err
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
if len(data) == 0 {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, errors.New("invalid token")
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m := maps.Map{}
|
|
|
|
|
err = json.Unmarshal(data, &m)
|
|
|
|
|
if err != nil {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, errors.New("decode token error: " + err.Error())
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
t := m.GetString("type")
|
|
|
|
|
if len(userTypes) > 0 && !lists.ContainsString(userTypes, t) {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNone, 0, 0, errors.New("not supported node type: '" + t + "'")
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
|
|
|
|
|
2020-10-14 18:44:34 +08:00
|
|
|
switch apiToken.Role {
|
|
|
|
|
case UserTypeNode:
|
2021-01-21 10:06:59 +08:00
|
|
|
// TODO 需要检查集群是否已经删除
|
|
|
|
|
nodeIntId, err := models.SharedNodeDAO.FindEnabledNodeIdWithUniqueIdCacheable(nil, nodeId)
|
2020-10-14 18:44:34 +08:00
|
|
|
if err != nil {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNode, 0, 0, errors.New("context: " + err.Error())
|
2020-10-14 18:44:34 +08:00
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeNode, 0, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
2020-10-14 18:44:34 +08:00
|
|
|
}
|
|
|
|
|
nodeUserId = nodeIntId
|
2021-07-11 18:05:57 +08:00
|
|
|
resultNodeId = nodeIntId
|
2020-10-17 11:14:53 +08:00
|
|
|
case UserTypeCluster:
|
2021-01-01 23:31:30 +08:00
|
|
|
clusterId, err := models.SharedNodeClusterDAO.FindEnabledClusterIdWithUniqueId(nil, nodeId)
|
2020-10-17 11:14:53 +08:00
|
|
|
if err != nil {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeCluster, 0, 0, errors.New("context: " + err.Error())
|
2020-10-17 11:14:53 +08:00
|
|
|
}
|
|
|
|
|
if clusterId <= 0 {
|
2021-07-11 18:05:57 +08:00
|
|
|
return UserTypeCluster, 0, 0, errors.New("context: not found cluster with id '" + nodeId + "'")
|
2020-10-17 11:14:53 +08:00
|
|
|
}
|
|
|
|
|
nodeUserId = clusterId
|
2021-07-11 18:05:57 +08:00
|
|
|
resultNodeId = clusterId
|
2020-12-14 21:25:11 +08:00
|
|
|
case UserTypeUser:
|
2021-07-11 18:05:57 +08:00
|
|
|
nodeIntId, err := models.SharedUserNodeDAO.FindEnabledUserNodeIdWithUniqueId(nil, nodeId)
|
|
|
|
|
if err != nil {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeUser, 0, 0, errors.New("context: " + err.Error())
|
2021-07-11 18:05:57 +08:00
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeUser, 0, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
2021-07-11 18:05:57 +08:00
|
|
|
}
|
|
|
|
|
resultNodeId = nodeIntId
|
2021-04-05 20:48:33 +08:00
|
|
|
case UserTypeMonitor:
|
2021-07-11 18:05:57 +08:00
|
|
|
nodeIntId, err := models.SharedMonitorNodeDAO.FindEnabledMonitorNodeIdWithUniqueId(nil, nodeId)
|
|
|
|
|
if err != nil {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeMonitor, 0, 0, errors.New("context: " + err.Error())
|
2021-07-11 18:05:57 +08:00
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeMonitor, 0, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
2021-07-11 18:05:57 +08:00
|
|
|
}
|
|
|
|
|
resultNodeId = nodeIntId
|
2021-06-01 16:43:00 +08:00
|
|
|
case UserTypeAuthority:
|
|
|
|
|
nodeIntId, err := authority.SharedAuthorityNodeDAO.FindEnabledAuthorityNodeIdWithUniqueId(nil, nodeId)
|
|
|
|
|
if err != nil {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeAuthority, 0, 0, errors.New("context: " + err.Error())
|
2021-06-01 16:43:00 +08:00
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeAuthority, 0, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
2021-06-01 16:43:00 +08:00
|
|
|
}
|
|
|
|
|
nodeUserId = nodeIntId
|
2021-07-11 18:05:57 +08:00
|
|
|
resultNodeId = nodeIntId
|
2021-04-05 20:48:33 +08:00
|
|
|
case UserTypeDNS:
|
2021-08-08 15:47:48 +08:00
|
|
|
nodeIntId, err := models.SharedNSNodeDAO.FindEnabledNodeIdWithUniqueId(nil, nodeId)
|
2021-06-01 16:43:00 +08:00
|
|
|
if err != nil {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeDNS, nodeIntId, 0, errors.New("context: " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
|
|
|
|
return UserTypeDNS, nodeIntId, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
|
|
|
|
}
|
|
|
|
|
nodeUserId = nodeIntId
|
|
|
|
|
resultNodeId = nodeIntId
|
|
|
|
|
case UserTypeReport:
|
|
|
|
|
nodeIntId, err := models.SharedReportNodeDAO.FindEnabledNodeIdWithUniqueId(nil, nodeId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return UserTypeReport, nodeIntId, 0, errors.New("context: " + err.Error())
|
2021-06-01 16:43:00 +08:00
|
|
|
}
|
|
|
|
|
if nodeIntId <= 0 {
|
2021-09-05 11:10:18 +08:00
|
|
|
return UserTypeReport, nodeIntId, 0, errors.New("context: not found node with id '" + nodeId + "'")
|
2021-06-01 16:43:00 +08:00
|
|
|
}
|
|
|
|
|
nodeUserId = nodeIntId
|
2021-07-11 18:05:57 +08:00
|
|
|
resultNodeId = nodeIntId
|
2020-10-14 18:44:34 +08:00
|
|
|
}
|
|
|
|
|
|
2020-08-21 12:32:33 +08:00
|
|
|
if nodeUserId > 0 {
|
2021-07-11 18:05:57 +08:00
|
|
|
return t, resultNodeId, nodeUserId, nil
|
2020-08-21 12:32:33 +08:00
|
|
|
} else {
|
2021-07-11 18:05:57 +08:00
|
|
|
return t, resultNodeId, m.GetInt64("userId"), nil
|
2020-08-21 12:32:33 +08:00
|
|
|
}
|
2020-07-29 19:02:28 +08:00
|
|
|
}
|
2020-09-17 10:16:00 +08:00
|
|
|
|
2021-04-13 20:01:21 +08:00
|
|
|
// Wrap 包装错误
|
2020-09-26 19:54:15 +08:00
|
|
|
func Wrap(description string, err error) error {
|
|
|
|
|
if err == nil {
|
|
|
|
|
return errors.New(description)
|
|
|
|
|
}
|
|
|
|
|
return errors.New(description + ": " + err.Error())
|
|
|
|
|
}
|
