From 2ee1ee9387f14531ac8478b55b6929f2f7f29dad Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Fri, 2 Dec 2022 17:33:01 +0800
Subject: [PATCH] =?UTF-8?q?=E8=8E=B7=E5=8F=96API=E4=BB=A4=E7=89=8C?= =?UTF-8?q?=E6=97=B6=E6=A3=80=E6=9F=A5=E7=AE=A1=E7=90=86=E5=91=98=E5=92=8C?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=8A=B6=E6=80=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../rpc/services/service_api_access_token.go | 109 +++++++++++-------
1 file changed, 65 insertions(+), 44 deletions(-)
diff --git a/internal/rpc/services/service_api_access_token.go b/internal/rpc/services/service_api_access_token.go
index 4859abe8..528fb78d 100644
--- a/internal/rpc/services/service_api_access_token.go
+++ b/internal/rpc/services/service_api_access_token.go
@@ -2,8 +2,8 @@ package services import ( "context" + "errors" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" ) 
@@ -14,49 +14,70 @@ type APIAccessTokenService struct { // GetAPIAccessToken 获取AccessToken func (this *APIAccessTokenService) GetAPIAccessToken(ctx context.Context, req *pb.GetAPIAccessTokenRequest) (*pb.GetAPIAccessTokenResponse, error) { - if req.Type == "user" || req.Type == "admin" { // 用户或管理员 - var tx = this.NullTx() - - accessKey, err := models.SharedUserAccessKeyDAO.FindAccessKeyWithUniqueId(tx, req.AccessKeyId) - if err != nil { - return nil, err - } - if accessKey == nil { - return nil, errors.New("access key not found") - } - if accessKey.Secret != req.AccessKey { - return nil, errors.New("access key not found") - } - - // 检查数据 - switch req.Type { - case "user": - if accessKey.UserId == 0 { - return nil, errors.New("access key not found") - } - case "admin": - if accessKey.AdminId == 0 { - return nil, errors.New("access key not found") - } - } - - // 更新AccessKey访问时间 - err = models.SharedUserAccessKeyDAO.UpdateAccessKeyAccessedAt(tx, int64(accessKey.Id)) - if err != nil { - return nil, err - } - - // 创建AccessToken - token, expiresAt, err := models.SharedAPIAccessTokenDAO.GenerateAccessToken(tx, int64(accessKey.AdminId), int64(accessKey.UserId)) - if err != nil { - return nil, err - } - - return &pb.GetAPIAccessTokenResponse{ - Token: token, - ExpiresAt: expiresAt, - }, nil - } else { + if req.Type != "user" && req.Type != "admin" { return nil, errors.New("unsupported type '" + req.Type + "'") } + + var tx = this.NullTx() + + accessKey, err := models.SharedUserAccessKeyDAO.FindAccessKeyWithUniqueId(tx, req.AccessKeyId) + if err != nil { + return nil, err + } + if accessKey == nil { + return nil, errors.New("access key not found") + } + if accessKey.Secret != req.AccessKey { + return nil, errors.New("access key not found") + } + + // 检查数据 + switch req.Type { + case "user": + // TODO 将来支持子用户 + if accessKey.UserId == 0 { + return nil, errors.New("access key not found") + } + + // 检查用户状态 + user, err := models.SharedUserDAO.FindEnabledUser(tx, 
int64(accessKey.UserId), nil) + if err != nil { + return nil, err + } + if user == nil || !user.IsOn { + return nil, errors.New("the user is not available") + } + case "admin": + if accessKey.AdminId == 0 { + return nil, errors.New("access key not found") + } + + // 检查管理员状态 + admin, err := models.SharedAdminDAO.FindEnabledAdmin(tx, int64(accessKey.AdminId)) + if err != nil { + return nil, err + } + if admin == nil || !admin.IsOn { + return nil, errors.New("the admin is not available") + } + default: + return nil, errors.New("invalid type '" + req.Type + "'") + } + + // 更新AccessKey访问时间 + err = models.SharedUserAccessKeyDAO.UpdateAccessKeyAccessedAt(tx, int64(accessKey.Id)) + if err != nil { + return nil, err + } + + // 创建AccessToken + token, expiresAt, err := models.SharedAPIAccessTokenDAO.GenerateAccessToken(tx, int64(accessKey.AdminId), int64(accessKey.UserId)) + if err != nil { + return nil, err + } + + return &pb.GetAPIAccessTokenResponse{ + Token: token, + ExpiresAt: expiresAt, + }, nil }
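Review bot: The secret check `accessKey.Secret != req.AccessKey` in GetAPIAccessToken is an ordinary string comparison, which stops at the first differing byte and so is not constant-time for a credential that arrives over RPC. Comparing with `subtle.ConstantTimeCompare([]byte(accessKey.Secret), []byte(req.AccessKey)) != 1` (plus a `crypto/subtle` import) removes that timing dependence. Separately, the new enabled-state checks run only when a token is issued; whether tokens issued before a user or admin was disabled are still accepted at validation time is not visible in this hunk and is worth confirming. The `default:` branch of the switch is unreachable after the type guard at the top of the function, which is fine as a safety net but deserves a short comment saying so.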