From 5b2c965831c17994768b2f17a338b0787f44445a Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Tue, 4 Apr 2023 17:26:08 +0800
Subject: [PATCH] =?UTF-8?q?=E8=87=AA=E5=8A=A8=E6=A3=80=E6=9F=A5=E7=AE=A1?=
 =?UTF-8?q?=E7=90=86=E5=91=98=E5=BC=B1=E5=AF=86=E7=A0=81=E5=B9=B6=E6=8F=90?=
 =?UTF-8?q?=E9=86=92?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/db/models/admin_dao.go | 40 ++++++++++++++--
 internal/db/models/admin_model_ext.go | 41 ++++++++++++++++
 internal/rpc/services/service_admin.go | 66 +++++++++++++++++---------
 3 files changed, 119 insertions(+), 28 deletions(-)

diff --git a/internal/db/models/admin_dao.go b/internal/db/models/admin_dao.go
index 9cf19f33..911360b9 100644
--- a/internal/db/models/admin_dao.go
+++ b/internal/db/models/admin_dao.go
@@ -1,6 +1,7 @@
 package models
 
 import (
+ dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils"
 "github.com/TeaOSLab/EdgeAPI/internal/errors"
 _ "github.com/go-sql-driver/mysql"
 "github.com/iwind/TeaGo/Tea"
@@ -266,17 +267,34 @@ func (this *AdminDAO) FindAllAdminModules(tx *dbs.Tx) (result []*Admin, err erro
 }
 
 // CountAllEnabledAdmins 计算所有管理员数量
-func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx) (int64, error) {
- return this.Query(tx).
+func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool) (int64, error) {
+ var query = this.Query(tx)
+ if len(keyword) > 0 {
+ query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
+ query.Param("keyword", dbutils.QuoteLike(keyword))
+ }
+ if hasWeakPasswords {
+ query.Attr("password", weakPasswords)
+ }
+ return query.
 State(AdminStateEnabled).
 Count()
 }
 
 // ListEnabledAdmins 列出单页的管理员
-func (this *AdminDAO) ListEnabledAdmins(tx *dbs.Tx, offset int64, size int64) (result []*Admin, err error) {
- _, err = this.Query(tx).
+func (this *AdminDAO) ListEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool, offset int64, size int64) (result []*Admin, err error) {
+ var query = this.Query(tx)
+ if len(keyword) > 0 {
+ query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
+ query.Param("keyword", dbutils.QuoteLike(keyword))
+ }
+ if hasWeakPasswords {
+ query.Attr("password", weakPasswords)
+ }
+
+ _, err = query.
 State(AdminStateEnabled).
- Result("id", "isOn", "username", "fullname", "isSuper", "createdAt", "canLogin").
+ Result("id", "isOn", "username", "fullname", "isSuper", "createdAt", "canLogin", "password").
 Offset(offset).
 Limit(size).
 DescPk().
@@ -292,3 +310,15 @@ func (this *AdminDAO) UpdateAdminTheme(tx *dbs.Tx, adminId int64, theme string)
 Set("theme", theme).
 UpdateQuickly()
 }
+
+// CheckSuperAdmin 检查管理员是否为超级管理员
+func (this *AdminDAO) CheckSuperAdmin(tx *dbs.Tx, adminId int64) (bool, error) {
+ if adminId <= 0 {
+ return false, nil
+ }
+ return this.Query(tx).
+ Pk(adminId).
+ State(AdminStateEnabled).
+ Attr("isSuper", true).
+ Exist()
+}
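Review bot: The `"password"` column added to the `Result(...)` list of ListEnabledAdmins now loads every listed admin's stored hash into the model for all callers, not only when the weak-password check is requested; that line deserves a comment such as `// password is selected only so Admin.HasWeakPassword() can be evaluated; it must never be copied into a response`, and the pb mapping in service_admin.go should be confirmed never to forward it. The keyword and weak-password filtering is duplicated verbatim between CountAllEnabledAdmins and ListEnabledAdmins, so the two queries will drift the first time one of them is touched; pulling it into one helper (assuming this.Query returns `*dbs.Query`, which I cannot confirm from this page) keeps them aligned. I read `query.Attr("password", weakPasswords)` with a slice argument as an IN-list match, which is not verifiable here and is worth stating in the helper's comment. ListEnabledAdmins' chain continues outside the hunk.
```go
// applyAdminFilters narrows an admin query by keyword and, when hasWeakPasswords is set,
// to accounts whose stored hash is on the weakPasswords list (slice Attr read as an IN match).
func applyAdminFilters(query *dbs.Query, keyword string, hasWeakPasswords bool) {
	if len(keyword) > 0 {
		query.Where("(username LIKE :keyword OR fullname LIKE :keyword)")
		query.Param("keyword", dbutils.QuoteLike(keyword))
	}
	if hasWeakPasswords {
		query.Attr("password", weakPasswords)
	}
}

// CountAllEnabledAdmins 计算所有管理员数量
func (this *AdminDAO) CountAllEnabledAdmins(tx *dbs.Tx, keyword string, hasWeakPasswords bool) (int64, error) {
	var query = this.Query(tx)
	applyAdminFilters(query, keyword, hasWeakPasswords)
	return query.
		State(AdminStateEnabled).
		Count()
}
// … unchanged: ListEnabledAdmins, with its filter block replaced by the same applyAdminFilters call …
```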
diff --git a/internal/db/models/admin_model_ext.go b/internal/db/models/admin_model_ext.go
index 2640e7f9..6196b751 100644
--- a/internal/db/models/admin_model_ext.go
+++ b/internal/db/models/admin_model_ext.go
@@ -1 +1,42 @@
 package models
+
+import stringutil "github.com/iwind/TeaGo/utils/string"
+
+// 弱密码集合
+var weakPasswords = []string{}
+
+func init() {
+ // 初始化弱密码集合
+ for _, password := range []string{
+ "123",
+ "1234",
+ "12345",
+ "123456",
+ "12345678",
+ "123456789",
+ "000000",
+ "111111",
+ "666666",
+ "888888",
+ "654321",
+ "123456789",
+ "password",
+ "qwerty",
+ "admin",
+ } {
+ weakPasswords = append(weakPasswords, stringutil.Md5(password))
+ }
+}
+
+func (this *Admin) HasWeakPassword() bool {
+ if len(this.Password) == 0 {
+ return false
+ }
+
+ for _, weakPassword := range weakPasswords {
+ if weakPassword == this.Password {
+ return true
+ }
+ }
+ return false
+}
diff --git a/internal/rpc/services/service_admin.go b/internal/rpc/services/service_admin.go
index 14397ef0..2bd951bf 100644
--- a/internal/rpc/services/service_admin.go
+++ b/internal/rpc/services/service_admin.go
@@ -127,7 +127,7 @@ func (this *AdminService) FindAdminFullname(ctx context.Context, req *pb.FindAdm
 
 // FindEnabledAdmin 获取管理员信息
 func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnabledAdminRequest) (*pb.FindEnabledAdminResponse, error) {
- _, err := this.ValidateAdmin(ctx)
+ adminId, err := this.ValidateAdmin(ctx)
 if err != nil {
 return nil, err
 }
@@ -136,6 +136,12 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 
 var tx = this.NullTx()
 
+ // 超级管理员才能查看是否为弱密码
+ isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)
+ if err != nil {
+ return nil, err
+ }
+
 admin, err := models.SharedAdminDAO.FindEnabledAdmin(tx, req.AdminId)
 if err != nil {
 return nil, err
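Review bot: The weak-password list in init() contains `"123456789"` twice (once right after `"12345678"`, again after `"654321"`), so weakPasswords carries a duplicate MD5 entry; drop the second occurrence. HasWeakPassword is exported but undocumented, and it only works while stored passwords are the unsalted MD5 hex digest that `stringutil.Md5` produces — if the storage format ever changes, the check silently reports no weak passwords, so the assumption belongs in its doc comment, e.g. `// HasWeakPassword reports whether the stored hash equals the MD5 of a known weak password. It assumes Password holds an unsalted MD5 hex digest exactly as stringutil.Md5 emits it.` That unsalted storage is also the underlying weakness this list only detects, which is worth a one-line note on the `weakPasswords` declaration. The linear scan is fine for a list this size; a set would only matter if it grows, and the DAO currently passes the slice to Attr, so both representations would have to be kept.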
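Review bot: The CheckSuperAdmin query is issued before the requested admin is fetched, so every FindEnabledAdmin call, including those that take the `admin == nil` early return in the following hunk, pays an extra round-trip whose result is only consumed when the pb.Admin is built; moving the `isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)` block below that nil check avoids it. The same early placement in CountAllEnabledAdmins and ListEnabledAdmins is unavoidable there, since the flag feeds the DAO call. FindEnabledAdmin's body starts and ends outside this hunk.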
@@ -144,7 +150,7 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 return &pb.FindEnabledAdminResponse{Admin: nil}, nil
 }
 
- pbModules := []*pb.AdminModule{}
+ var pbModules = []*pb.AdminModule{}
 modules := []*systemconfigs.AdminModule{}
 if len(admin.Modules) > 0 {
 err = json.Unmarshal(admin.Modules, &modules)
@@ -178,14 +184,15 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 }
 
 result := &pb.Admin{
- Id: int64(admin.Id),
- Fullname: admin.Fullname,
- Username: admin.Username,
- IsOn: admin.IsOn,
- IsSuper: admin.IsSuper,
- Modules: pbModules,
- OtpLogin: pbOtpAuth,
- CanLogin: admin.CanLogin,
+ Id: int64(admin.Id),
+ Fullname: admin.Fullname,
+ Username: admin.Username,
+ IsOn: admin.IsOn,
+ IsSuper: admin.IsSuper,
+ Modules: pbModules,
+ OtpLogin: pbOtpAuth,
+ CanLogin: admin.CanLogin,
+ HasWeakPassword: isSuperAdmin && admin.HasWeakPassword(),
 }
 return &pb.FindEnabledAdminResponse{Admin: result}, nil
 }
@@ -347,7 +354,7 @@ func (this *AdminService) UpdateAdmin(ctx context.Context, req *pb.UpdateAdminRe
 
 // CountAllEnabledAdmins 计算管理员数量
 func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.CountAllEnabledAdminsRequest) (*pb.RPCCountResponse, error) {
- _, err := this.ValidateAdmin(ctx)
+ adminId, err := this.ValidateAdmin(ctx)
 if err != nil {
 return nil, err
 }
@@ -356,7 +363,13 @@ func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.Cou
 
 var tx = this.NullTx()
 
- count, err := models.SharedAdminDAO.CountAllEnabledAdmins(tx)
+ // 超级管理员才能查看是否为弱密码
+ isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)
+ if err != nil {
+ return nil, err
+ }
+
+ count, err := models.SharedAdminDAO.CountAllEnabledAdmins(tx, req.Keyword, isSuperAdmin && req.HasWeakPassword)
 if err != nil {
 return nil, err
 }
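Review bot: `HasWeakPassword: isSuperAdmin && admin.HasWeakPassword()` depends on `admin.Password` being populated by SharedAdminDAO.FindEnabledAdmin, and I cannot see from this page whether that DAO method selects the column; ListEnabledAdmins needed an explicit `"password"` added to its Result list for the same purpose, so it is worth confirming here, otherwise the field is always false for this RPC. The field's gating also deserves a comment next to the assignment, e.g. `// HasWeakPassword is reported only to super-admin callers; everyone else always sees false.` FindEnabledAdmin's body begins outside this hunk.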
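Review bot: When a non-super admin sends `HasWeakPassword: true`, `isSuperAdmin && req.HasWeakPassword` silently drops the filter and the call returns the count of all enabled admins, so the caller receives a number presented as weak-password accounts that is nothing of the kind; the identical silent downgrade is in ListEnabledAdmins (hunk `@@ -374,12 +387,18 @@` on the next line). Rejecting the request is clearer: after the CheckSuperAdmin error check, return the permission error the other admin-only RPCs in this service use when `req.HasWeakPassword && !isSuperAdmin` (I cannot see from this page which helper that is). If ignoring the flag is intentional, a comment stating that it is discarded for non-super admins belongs next to the DAO call. CountAllEnabledAdmins' body continues outside the hunk.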
@@ -365,7 +378,7 @@ func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.Cou
 
 // ListEnabledAdmins 列出单页的管理员
 func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEnabledAdminsRequest) (*pb.ListEnabledAdminsResponse, error) {
- _, err := this.ValidateAdmin(ctx)
+ adminId, err := this.ValidateAdmin(ctx)
 if err != nil {
 return nil, err
 }
@@ -374,12 +387,18 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
 
 var tx = this.NullTx()
 
- admins, err := models.SharedAdminDAO.ListEnabledAdmins(tx, req.Offset, req.Size)
+ // 超级管理员才能查看是否为弱密码
+ isSuperAdmin, err := models.SharedAdminDAO.CheckSuperAdmin(tx, adminId)
 if err != nil {
 return nil, err
 }
 
- result := []*pb.Admin{}
+ admins, err := models.SharedAdminDAO.ListEnabledAdmins(tx, req.Keyword, isSuperAdmin && req.HasWeakPassword, req.Offset, req.Size)
+ if err != nil {
+ return nil, err
+ }
+
+ var result = []*pb.Admin{}
 for _, admin := range admins {
 var pbOtpAuth *pb.Login = nil
 {
@@ -398,14 +417,15 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
 }
 
 result = append(result, &pb.Admin{
- Id: int64(admin.Id),
- Fullname: admin.Fullname,
- Username: admin.Username,
- IsOn: admin.IsOn,
- IsSuper: admin.IsSuper,
- CreatedAt: int64(admin.CreatedAt),
- OtpLogin: pbOtpAuth,
- CanLogin: admin.CanLogin,
+ Id: int64(admin.Id),
+ Fullname: admin.Fullname,
+ Username: admin.Username,
+ IsOn: admin.IsOn,
+ IsSuper: admin.IsSuper,
+ CreatedAt: int64(admin.CreatedAt),
+ OtpLogin: pbOtpAuth,
+ CanLogin: admin.CanLogin,
+ HasWeakPassword: isSuperAdmin && admin.HasWeakPassword(),
 })
 }