自动检查管理员弱密码并提醒
@@ -1,6 +1,7 @@
|
|||||||
package models
|
package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
|
||||||
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
||||||
_ "github.com/go-sql-driver/mysql"
|
_ "github.com/go-sql-driver/mysql"
|
||||||
"github.com/iwind/TeaGo/Tea"
|
"github.com/iwind/TeaGo/Tea"
|
||||||
@@ -266,17 +267,34 @@ func (this *AdminDAO) FindAllAdminModules(tx *dbs.Tx) (result []*Admin, err erro
|
|||||||
}
|
}
|
||||||
|
|
||||||
// CountAllEnabledAdmins 计算所有管理员数量
|
// CountAllEnabledAdmins 计算所有管理员数量
|
||||||
func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx) (int64, error) {
|
func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool) (int64, error) {
|
||||||
return this.Query(tx).
|
var query = this.Query(tx)
|
||||||
|
if len(keyword) > 0 {
|
||||||
|
query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
|
||||||
|
query.Param("keyword", dbutils.QuoteLike(keyword))
|
||||||
|
}
|
||||||
|
if hasWeakPasswords {
|
||||||
|
query.Attr("password", weakPasswords)
|
||||||
|
}
|
||||||
|
return query.
|
||||||
State(AdminStateEnabled).
|
State(AdminStateEnabled).
|
||||||
Count()
|
Count()
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListEnabledAdmins 列出单页的管理员
|
// ListEnabledAdmins 列出单页的管理员
|
||||||
func (this *AdminDAO) ListEnabledAdmins(tx *dbs.Tx, offset int64, size int64) (result []*Admin, err error) {
|
func (this *AdminDAO) ListEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool, offset int64, size int64) (result []*Admin, err error) {
|
||||||
_, err = this.Query(tx).
|
var query = this.Query(tx)
|
||||||
|
if len(keyword) > 0 {
|
||||||
|
query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
|
||||||
|
query.Param("keyword", dbutils.QuoteLike(keyword))
|
||||||
|
}
|
||||||
|
if hasWeakPasswords {
|
||||||
|
query.Attr("password", weakPasswords)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = query.
|
||||||
State(AdminStateEnabled).
|
State(AdminStateEnabled).
|
||||||
Result("id", "isOn", "username", "fullname", "isSuper", "createdAt", "canLogin").
|
Result("id", "isOn", "username", "fullname", "isSuper", "createdAt", "canLogin", "password").
|
||||||
Offset(offset).
|
Offset(offset).
|
||||||
Limit(size).
|
Limit(size).
|
||||||
DescPk().
|
DescPk().
|
||||||
@@ -292,3 +310,15 @@ func (this *AdminDAO) UpdateAdminTheme(tx *dbs.Tx, adminId int64, theme string)
|
|||||||
Set("theme", theme).
|
Set("theme", theme).
|
||||||
UpdateQuickly()
|
UpdateQuickly()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CheckSuperAdmin 检查管理员是否为超级管理员
|
||||||
|
func (this *AdminDAO) CheckSuperAdmin(tx *dbs.Tx, adminId int64) (bool, error) {
|
||||||
|
if adminId <= 0 {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
return this.Query(tx).
|
||||||
|
Pk(adminId).
|
||||||
|
State(AdminStateEnabled).
|
||||||
|
Attr("isSuper", true).
|
||||||
|
Exist()
|
||||||
|
}
|
||||||
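Review bot: In `ListEnabledAdmins`, `"password"` is now added to the `Result(...)` column list unconditionally, so every listing call loads the stored password hash into each `Admin` row, even when the caller is not a super admin and the weak-password flag is never reported. Consider selecting the column only when the check is needed, or clearing `Password` on the returned rows once the flag is computed, so the hash travels no further than the comparison. The keyword and weak-password conditions are also duplicated verbatim in `CountAllEnabledAdmins` and `ListEnabledAdmins`; a small private helper that applies both to the query would keep the count and the page in agreement. `query.Attr("password", weakPasswords)` passes a slice, which presumably becomes an `IN (...)` match, and a one-line comment saying so would help. The body of `ListEnabledAdmins` continues past the end of the hunk.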
|
|||||||
@@ -1 +1,42 @@
|
|||||||
package models
|
package models
|
||||||
|
|
||||||
|
import stringutil "github.com/iwind/TeaGo/utils/string"
|
||||||
|
|
||||||
|
// 弱密码集合
|
||||||
|
var weakPasswords = []string{}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
// 初始化弱密码集合
|
||||||
|
for _, password := range []string{
|
||||||
|
"123",
|
||||||
|
"1234",
|
||||||
|
"12345",
|
||||||
|
"123456",
|
||||||
|
"12345678",
|
||||||
|
"123456789",
|
||||||
|
"000000",
|
||||||
|
"111111",
|
||||||
|
"666666",
|
||||||
|
"888888",
|
||||||
|
"654321",
|
||||||
|
"123456789",
|
||||||
|
"password",
|
||||||
|
"qwerty",
|
||||||
|
"admin",
|
||||||
|
} {
|
||||||
|
weakPasswords = append(weakPasswords, stringutil.Md5(password))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *Admin) HasWeakPassword() bool {
|
||||||
|
if len(this.Password) == 0 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, weakPassword := range weakPasswords {
|
||||||
|
if weakPassword == this.Password {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
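Review bot: The comparison `weakPassword == this.Password` in `HasWeakPassword` only works if the stored `password` column is a bare `stringutil.Md5(plaintext)` with no per-user salt, so this feature depends on a storage scheme in which a dictionary lookup against the table identifies weak accounts. The check would be sturdier if done when the password is set or changed, while the plaintext is available, together with a move to a salted, slow password hash; that is outside this hunk but worth a tracking comment next to `weakPasswords`. In the list itself `"123456789"` appears twice, so one entry can be dropped. `HasWeakPassword` has no doc comment; something like `// HasWeakPassword reports whether the stored password hash matches one of the known weak passwords.` would fit the file's style.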
|
|||||||
@@ -127,7 +127,7 @@ func (this *AdminService) FindAdminFullname(ctx context.Context, req *pb.FindAdm
|
|||||||
|
|
||||||
// FindEnabledAdmin 获取管理员信息
|
// FindEnabledAdmin 获取管理员信息
|
||||||
func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnabledAdminRequest) (*pb.FindEnabledAdminResponse, error) {
|
func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnabledAdminRequest) (*pb.FindEnabledAdminResponse, error) {
|
||||||
_, err := this.ValidateAdmin(ctx)
|
adminId, err := this.ValidateAdmin(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -136,6 +136,12 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
|
|||||||
|
|
||||||
var tx = this.NullTx()
|
var tx = this.NullTx()
|
||||||
|
|
||||||
|
// 超级管理员才能查看是否为弱密码
|
||||||
|
isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
admin, err := models.SharedAdminDAO.FindEnabledAdmin(tx, req.AdminId)
|
admin, err := models.SharedAdminDAO.FindEnabledAdmin(tx, req.AdminId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -144,7 +150,7 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
|
|||||||
return &pb.FindEnabledAdminResponse{Admin: nil}, nil
|
return &pb.FindEnabledAdminResponse{Admin: nil}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
pbModules := []*pb.AdminModule{}
|
var pbModules = []*pb.AdminModule{}
|
||||||
modules := []*systemconfigs.AdminModule{}
|
modules := []*systemconfigs.AdminModule{}
|
||||||
if len(admin.Modules) > 0 {
|
if len(admin.Modules) > 0 {
|
||||||
err = json.Unmarshal(admin.Modules, &modules)
|
err = json.Unmarshal(admin.Modules, &modules)
|
||||||
@@ -186,6 +192,7 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
|
|||||||
Modules: pbModules,
|
Modules: pbModules,
|
||||||
OtpLogin: pbOtpAuth,
|
OtpLogin: pbOtpAuth,
|
||||||
CanLogin: admin.CanLogin,
|
CanLogin: admin.CanLogin,
|
||||||
|
HasWeakPassword: isSuperAdmin && admin.HasWeakPassword(),
|
||||||
}
|
}
|
||||||
return &pb.FindEnabledAdminResponse{Admin: result}, nil
|
return &pb.FindEnabledAdminResponse{Admin: result}, nil
|
||||||
}
|
}
|
||||||
@@ -347,7 +354,7 @@ func (this *AdminService) UpdateAdmin(ctx context.Context, req *pb.UpdateAdminRe
|
|||||||
|
|
||||||
// CountAllEnabledAdmins 计算管理员数量
|
// CountAllEnabledAdmins 计算管理员数量
|
||||||
func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.CountAllEnabledAdminsRequest) (*pb.RPCCountResponse, error) {
|
func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.CountAllEnabledAdminsRequest) (*pb.RPCCountResponse, error) {
|
||||||
_, err := this.ValidateAdmin(ctx)
|
adminId, err := this.ValidateAdmin(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -356,7 +363,13 @@ func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.Cou
|
|||||||
|
|
||||||
var tx = this.NullTx()
|
var tx = this.NullTx()
|
||||||
|
|
||||||
count, err := models.SharedAdminDAO.CountAllEnabledAdmins(tx)
|
// 超级管理员才能查看是否为弱密码
|
||||||
|
isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
count, err := models.SharedAdminDAO.CountAllEnabledAdmins(tx, req.Keyword, isSuperAdmin && req.HasWeakPassword)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -365,7 +378,7 @@ func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.Cou
|
|||||||
|
|
||||||
// ListEnabledAdmins 列出单页的管理员
|
// ListEnabledAdmins 列出单页的管理员
|
||||||
func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEnabledAdminsRequest) (*pb.ListEnabledAdminsResponse, error) {
|
func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEnabledAdminsRequest) (*pb.ListEnabledAdminsResponse, error) {
|
||||||
_, err := this.ValidateAdmin(ctx)
|
adminId, err := this.ValidateAdmin(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@@ -374,12 +387,18 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
|
|||||||
|
|
||||||
var tx = this.NullTx()
|
var tx = this.NullTx()
|
||||||
|
|
||||||
admins, err := models.SharedAdminDAO.ListEnabledAdmins(tx, req.Offset, req.Size)
|
// 超级管理员才能查看是否为弱密码
|
||||||
|
isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
result := []*pb.Admin{}
|
admins, err := models.SharedAdminDAO.ListEnabledAdmins(tx, req.Keyword, isSuperAdmin && req.HasWeakPassword, req.Offset, req.Size)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var result = []*pb.Admin{}
|
||||||
for _, admin := range admins {
|
for _, admin := range admins {
|
||||||
var pbOtpAuth *pb.Login = nil
|
var pbOtpAuth *pb.Login = nil
|
||||||
{
|
{
|
||||||
@@ -406,6 +425,7 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
|
|||||||
CreatedAt: int64(admin.CreatedAt),
|
CreatedAt: int64(admin.CreatedAt),
|
||||||
OtpLogin: pbOtpAuth,
|
OtpLogin: pbOtpAuth,
|
||||||
CanLogin: admin.CanLogin,
|
CanLogin: admin.CanLogin,
|
||||||
|
HasWeakPassword: isSuperAdmin && admin.HasWeakPassword(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
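Review bot: `isSuperAdmin && req.HasWeakPassword` in `CountAllEnabledAdmins` (and again in `ListEnabledAdmins`) silently drops the filter when the caller is not a super admin, so such a caller asking for weak-password admins gets the count or page of all enabled admins. The caller cannot tell that apart from a genuine result, which matters if the count drives the reminder. Handle the case explicitly before the DAO call, for example with a guard starting `if req.HasWeakPassword && !isSuperAdmin {` that returns a zero count, an empty list or a permission error. In `CountAllEnabledAdmins` the `CheckSuperAdmin` query is only needed when `req.HasWeakPassword` is set and could be skipped otherwise. All three function bodies extend beyond the hunks shown.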