获取API令牌时检查管理员和用户状态

internal/rpc/services/service_api_access_token.go

@@ -2,8 +2,8 @@ package services
 
 import (
 	"context"
+	"errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )
 
@@ -14,49 +14,70 @@ type APIAccessTokenService struct {
 
 // GetAPIAccessToken 获取AccessToken
 func (this *APIAccessTokenService) GetAPIAccessToken(ctx context.Context, req *pb.GetAPIAccessTokenRequest) (*pb.GetAPIAccessTokenResponse, error) {
-	if req.Type == "user" || req.Type == "admin" { // 用户或管理员
+	if req.Type != "user" && req.Type != "admin" {
-		var tx = this.NullTx()
-
-		accessKey, err := models.SharedUserAccessKeyDAO.FindAccessKeyWithUniqueId(tx, req.AccessKeyId)
-		if err != nil {
-			return nil, err
-		}
-		if accessKey == nil {
-			return nil, errors.New("access key not found")
-		}
-		if accessKey.Secret != req.AccessKey {
-			return nil, errors.New("access key not found")
-		}
-
-		// 检查数据
-		switch req.Type {
-		case "user":
-			if accessKey.UserId == 0 {
-				return nil, errors.New("access key not found")
-			}
-		case "admin":
-			if accessKey.AdminId == 0 {
-				return nil, errors.New("access key not found")
-			}
-		}
-
-		// 更新AccessKey访问时间
-		err = models.SharedUserAccessKeyDAO.UpdateAccessKeyAccessedAt(tx, int64(accessKey.Id))
-		if err != nil {
-			return nil, err
-		}
-
-		// 创建AccessToken
-		token, expiresAt, err := models.SharedAPIAccessTokenDAO.GenerateAccessToken(tx, int64(accessKey.AdminId), int64(accessKey.UserId))
-		if err != nil {
-			return nil, err
-		}
-
-		return &pb.GetAPIAccessTokenResponse{
-			Token:     token,
-			ExpiresAt: expiresAt,
-		}, nil
-	} else {
 		return nil, errors.New("unsupported type '" + req.Type + "'")
 	}
+
+	var tx = this.NullTx()
+
+	accessKey, err := models.SharedUserAccessKeyDAO.FindAccessKeyWithUniqueId(tx, req.AccessKeyId)
+	if err != nil {
+		return nil, err
+	}
+	if accessKey == nil {
+		return nil, errors.New("access key not found")
+	}
+	if accessKey.Secret != req.AccessKey {
+		return nil, errors.New("access key not found")
+	}
+
+	// 检查数据
+	switch req.Type {
+	case "user":
+		// TODO 将来支持子用户
+		if accessKey.UserId == 0 {
+			return nil, errors.New("access key not found")
+		}
+
+		// 检查用户状态
+		user, err := models.SharedUserDAO.FindEnabledUser(tx, int64(accessKey.UserId), nil)
+		if err != nil {
+			return nil, err
+		}
+		if user == nil || !user.IsOn {
+			return nil, errors.New("the user is not available")
+		}
+	case "admin":
+		if accessKey.AdminId == 0 {
+			return nil, errors.New("access key not found")
+		}
+
+		// 检查管理员状态
+		admin, err := models.SharedAdminDAO.FindEnabledAdmin(tx, int64(accessKey.AdminId))
+		if err != nil {
+			return nil, err
+		}
+		if admin == nil || !admin.IsOn {
+			return nil, errors.New("the admin is not available")
+		}
+	default:
+		return nil, errors.New("invalid type '" + req.Type + "'")
+	}
+
+	// 更新AccessKey访问时间
+	err = models.SharedUserAccessKeyDAO.UpdateAccessKeyAccessedAt(tx, int64(accessKey.Id))
+	if err != nil {
+		return nil, err
+	}
+
+	// 创建AccessToken
+	token, expiresAt, err := models.SharedAPIAccessTokenDAO.GenerateAccessToken(tx, int64(accessKey.AdminId), int64(accessKey.UserId))
+	if err != nil {
+		return nil, err
+	}
+
+	return &pb.GetAPIAccessTokenResponse{
+		Token:     token,
+		ExpiresAt: expiresAt,
+	}, nil
 }