[系统用户]增加OTP动态密码二次认证

2025-11-16 01:50:25 +08:00 · 2020-12-24 17:16:51 +08:00
parent df33936ba1
commit 34e6f29aae
12 changed files with 330 additions and 30 deletions
--- a/internal/rpc/services/service_admin.go
+++ b/internal/rpc/services/service_admin.go
@@ -143,6 +143,23 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 		}
 	}

+	// OTP认证
+	var pbOtpAuth *pb.Login = nil
+	{
+		adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(int64(admin.Id), models.LoginTypeOTP)
+		if err != nil {
+			return nil, err
+		}
+		if adminAuth != nil {
+			pbOtpAuth = &pb.Login{
+				Id:         int64(adminAuth.Id),
+				Type:       adminAuth.Type,
+				ParamsJSON: []byte(adminAuth.Params),
+				IsOn:       adminAuth.IsOn == 1,
+			}
+		}
+	}
+
 	result := &pb.Admin{
 		Id:       int64(admin.Id),
 		Fullname: admin.Fullname,
@@ -150,6 +167,7 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 		IsOn:     admin.IsOn == 1,
 		IsSuper:  admin.IsSuper == 1,
 		Modules:  pbModules,
+		OtpLogin: pbOtpAuth,
 	}
 	return &pb.FindEnabledAdminResponse{Admin: result}, nil
 }
@@ -275,6 +293,7 @@ func (this *AdminService) CreateAdmin(ctx context.Context, req *pb.CreateAdminRe
 	if err != nil {
 		return nil, err
 	}
+
 	return &pb.CreateAdminResponse{AdminId: adminId}, nil
 }

@@ -291,6 +310,7 @@ func (this *AdminService) UpdateAdmin(ctx context.Context, req *pb.UpdateAdminRe
 	if err != nil {
 		return nil, err
 	}
+
 	return this.Success()
 }

@@ -326,6 +346,22 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna

 	result := []*pb.Admin{}
 	for _, admin := range admins {
+		var pbOtpAuth *pb.Login = nil
+		{
+			adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(int64(admin.Id), models.LoginTypeOTP)
+			if err != nil {
+				return nil, err
+			}
+			if adminAuth != nil {
+				pbOtpAuth = &pb.Login{
+					Id:         int64(adminAuth.Id),
+					Type:       adminAuth.Type,
+					ParamsJSON: []byte(adminAuth.Params),
+					IsOn:       adminAuth.IsOn == 1,
+				}
+			}
+		}
+
 		result = append(result, &pb.Admin{
 			Id:        int64(admin.Id),
 			Fullname:  admin.Fullname,
@@ -333,6 +369,7 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
 			IsOn:      admin.IsOn == 1,
 			IsSuper:   admin.IsSuper == 1,
 			CreatedAt: int64(admin.CreatedAt),
+			OtpLogin:  pbOtpAuth,
 		})
 	}

@@ -357,3 +394,29 @@ func (this *AdminService) DeleteAdmin(ctx context.Context, req *pb.DeleteAdminRe

 	return this.Success()
 }
+
+// 检查是否需要输入OTP
+func (this *AdminService) CheckAdminOTPWithUsername(ctx context.Context, req *pb.CheckAdminOTPWithUsernameRequest) (*pb.CheckAdminOTPWithUsernameResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(req.Username) == 0 {
+		return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: false}, nil
+	}
+
+	adminId, err := models.SharedAdminDAO.FindAdminIdWithUsername(req.Username)
+	if err != nil {
+		return nil, err
+	}
+	if adminId <= 0 {
+		return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: false}, nil
+	}
+
+	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(adminId, "otp")
+	if err != nil {
+		return nil, err
+	}
+	return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: otpIsOn}, nil
+}
--- a/internal/rpc/services/service_login.go
+++ b/internal/rpc/services/service_login.go
@@ -0,0 +1,70 @@
+package services
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// 管理员认证相关服务
+type LoginService struct {
+	BaseService
+}
+
+// 查找认证
+func (this *LoginService) FindEnabledLogin(ctx context.Context, req *pb.FindEnabledLoginRequest) (*pb.FindEnabledLoginResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+	login, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(req.AdminId, req.Type)
+	if err != nil {
+		return nil, err
+	}
+	if login == nil {
+		return &pb.FindEnabledLoginResponse{Login: nil}, nil
+	}
+	return &pb.FindEnabledLoginResponse{Login: &pb.Login{
+		Id:         int64(login.Id),
+		Type:       login.Type,
+		ParamsJSON: []byte(login.Params),
+		IsOn:       login.IsOn == 1,
+		AdminId:    int64(login.AdminId),
+		UserId:     int64(login.UserId),
+	}}, nil
+}
+
+// 修改认证
+func (this *LoginService) UpdateLogin(ctx context.Context, req *pb.UpdateLoginRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	if req.Login == nil {
+		return nil, errors.New("'login' should not be nil")
+	}
+
+	if req.Login.IsOn {
+		params := maps.Map{}
+		if len(req.Login.ParamsJSON) > 0 {
+			err = json.Unmarshal(req.Login.ParamsJSON, &params)
+			if err != nil {
+				return nil, err
+			}
+		}
+		err = models.SharedLoginDAO.UpdateLogin(req.Login.AdminId, req.Login.Type, params, req.Login.IsOn)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		err = models.SharedLoginDAO.DisableLoginWithAdminId(req.Login.AdminId, req.Login.Type)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return this.Success()
+}
--- a/internal/rpc/services/service_server.go
+++ b/internal/rpc/services/service_server.go
@@ -436,6 +436,14 @@ func (this *ServerService) UpdateServerNamesAuditing(ctx context.Context, req *p
 		}
 	}

+	// 通知服务更新
+	go func() {
+		err := this.notifyServerDNSChanged(req.ServerId)
+		if err != nil {
+			logs.Println("[DNS]notify server changed: " + err.Error())
+		}
+	}()
+
 	return this.Success()
 }