阶段性提交

internal/db/models/http_auth_policy_dao.go

@@ -0,0 +1,135 @@
+package models
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+const (
+	HTTPAuthPolicyStateEnabled  = 1 // 已启用
+	HTTPAuthPolicyStateDisabled = 0 // 已禁用
+)
+
+type HTTPAuthPolicyDAO dbs.DAO
+
+func NewHTTPAuthPolicyDAO() *HTTPAuthPolicyDAO {
+	return dbs.NewDAO(&HTTPAuthPolicyDAO{
+		DAOObject: dbs.DAOObject{
+			DB:     Tea.Env,
+			Table:  "edgeHTTPAuthPolicies",
+			Model:  new(HTTPAuthPolicy),
+			PkName: "id",
+		},
+	}).(*HTTPAuthPolicyDAO)
+}
+
+var SharedHTTPAuthPolicyDAO *HTTPAuthPolicyDAO
+
+func init() {
+	dbs.OnReady(func() {
+		SharedHTTPAuthPolicyDAO = NewHTTPAuthPolicyDAO()
+	})
+}
+
+// EnableHTTPAuthPolicy 启用条目
+func (this *HTTPAuthPolicyDAO) EnableHTTPAuthPolicy(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", HTTPAuthPolicyStateEnabled).
+		Update()
+	return err
+}
+
+// DisableHTTPAuthPolicy 禁用条目
+func (this *HTTPAuthPolicyDAO) DisableHTTPAuthPolicy(tx *dbs.Tx, id int64) error {
+	_, err := this.Query(tx).
+		Pk(id).
+		Set("state", HTTPAuthPolicyStateDisabled).
+		Update()
+	return err
+}
+
+// FindEnabledHTTPAuthPolicy 查找启用中的条目
+func (this *HTTPAuthPolicyDAO) FindEnabledHTTPAuthPolicy(tx *dbs.Tx, id int64) (*HTTPAuthPolicy, error) {
+	result, err := this.Query(tx).
+		Pk(id).
+		Attr("state", HTTPAuthPolicyStateEnabled).
+		Find()
+	if result == nil {
+		return nil, err
+	}
+	return result.(*HTTPAuthPolicy), err
+}
+
+// CreateHTTPAuthPolicy 创建策略
+func (this *HTTPAuthPolicyDAO) CreateHTTPAuthPolicy(tx *dbs.Tx, name string, methodType string, paramsJSON []byte) (int64, error) {
+	op := NewHTTPAuthPolicyOperator()
+	op.Name = name
+	op.Type = methodType
+	op.Params = paramsJSON
+	op.IsOn = true
+	op.State = HTTPAuthPolicyStateEnabled
+	return this.SaveInt64(tx, op)
+}
+
+// UpdateHTTPAuthPolicy 修改策略
+func (this *HTTPAuthPolicyDAO) UpdateHTTPAuthPolicy(tx *dbs.Tx, policyId int64, name string, paramsJSON []byte, isOn bool) error {
+	if policyId <= 0 {
+		return errors.New("invalid policyId")
+	}
+	op := NewHTTPAuthPolicyOperator()
+	op.Id = policyId
+	op.Name = name
+	op.Params = paramsJSON
+	op.IsOn = isOn
+	err := this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+	return this.NotifyUpdate(tx, policyId)
+}
+
+// ComposePolicyConfig 组合配置
+func (this *HTTPAuthPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (*serverconfigs.HTTPAuthPolicy, error) {
+	policy, err := this.FindEnabledHTTPAuthPolicy(tx, policyId)
+	if err != nil {
+		return nil, err
+	}
+	if policy == nil {
+		return nil, nil
+	}
+	var config = &serverconfigs.HTTPAuthPolicy{
+		Id:   int64(policy.Id),
+		Name: policy.Name,
+		IsOn: policy.IsOn == 1,
+		Type: policy.Type,
+	}
+
+	var params map[string]interface{}
+	if IsNotNull(policy.Params) {
+		err = json.Unmarshal([]byte(policy.Params), &params)
+		if err != nil {
+			return nil, err
+		}
+		config.Params = params
+	}
+	config.Params = params
+
+	return config, nil
+}
+
+// NotifyUpdate 通知更改
+func (this *HTTPAuthPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
+	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithHTTPAuthPolicyId(tx, policyId)
+	if err != nil {
+		return err
+	}
+	if webId > 0 {
+		return SharedHTTPWebDAO.NotifyUpdate(tx, webId)
+	}
+	return nil
+}

internal/db/models/http_auth_policy_dao_test.go

@@ -0,0 +1,6 @@
+package models
+
+import (
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/iwind/TeaGo/bootstrap"
+)

internal/db/models/http_auth_policy_model.go

@@ -0,0 +1,28 @@
+package models
+
+// HTTPAuthPolicy HTTP认证策略
+type HTTPAuthPolicy struct {
+	Id      uint64 `field:"id"`      // ID
+	AdminId uint32 `field:"adminId"` // 管理员ID
+	UserId  uint32 `field:"userId"`  // 用户ID
+	IsOn    uint8  `field:"isOn"`    // 是否启用
+	Name    string `field:"name"`    // 名称
+	Type    string `field:"type"`    // 类型
+	Params  string `field:"params"`  // 参数
+	State   uint8  `field:"state"`   // 状态
+}
+
+type HTTPAuthPolicyOperator struct {
+	Id      interface{} // ID
+	AdminId interface{} // 管理员ID
+	UserId  interface{} // 用户ID
+	IsOn    interface{} // 是否启用
+	Name    interface{} // 名称
+	Type    interface{} // 类型
+	Params  interface{} // 参数
+	State   interface{} // 状态
+}
+
+func NewHTTPAuthPolicyOperator() *HTTPAuthPolicyOperator {
+	return &HTTPAuthPolicyOperator{}
+}

internal/db/models/http_auth_policy_model_ext.go

@@ -0,0 +1 @@
+package models

internal/db/models/http_web_dao.go

@@ -347,6 +347,27 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 		}
 	}
 
+	// 认证
+	if IsNotNull(web.Auth) {
+		authConfig := &serverconfigs.HTTPAuthConfig{}
+		err = json.Unmarshal([]byte(web.Auth), authConfig)
+		if err != nil {
+			return nil, err
+		}
+		var newRefs []*serverconfigs.HTTPAuthPolicyRef
+		for _, ref := range authConfig.PolicyRefs {
+			policyConfig, err := SharedHTTPAuthPolicyDAO.ComposePolicyConfig(tx, ref.AuthPolicyId)
+			if err != nil {
+				return nil, err
+			}
+			if policyConfig != nil {
+				ref.AuthPolicy = policyConfig
+				newRefs = append(newRefs, ref)
+			}
+		}
+		config.Auth = authConfig
+	}
+
 	return config, nil
 }
 
@@ -622,6 +643,22 @@ func (this *HTTPWebDAO) UpdateWebRewriteRules(tx *dbs.Tx, webId int64, rewriteRu
 	return this.NotifyUpdate(tx, webId)
 }
 
+// UpdateWebAuth 修改认证信息
+func (this *HTTPWebDAO) UpdateWebAuth(tx *dbs.Tx, webId int64, authJSON []byte) error {
+	if webId <= 0 {
+		return errors.New("invalid webId")
+	}
+	op := NewHTTPWebOperator()
+	op.Id = webId
+	op.Auth = JSONBytes(authJSON)
+	err := this.Save(tx, op)
+	if err != nil {
+		return err
+	}
+
+	return this.NotifyUpdate(tx, webId)
+}
+
 // FindAllWebIdsWithCachePolicyId 根据缓存策略ID查找所有的WebId
 func (this *HTTPWebDAO) FindAllWebIdsWithCachePolicyId(tx *dbs.Tx, cachePolicyId int64) ([]int64, error) {
 	ones, err := this.Query(tx).
@@ -783,6 +820,16 @@ func (this *HTTPWebDAO) FindEnabledWebIdWithFastcgiId(tx *dbs.Tx, fastcgiId int6
 		FindInt64Col(0)
 }
 
+// FindEnabledWebIdWithHTTPAuthPolicyId 查找包含某个认证策略的Web
+func (this *HTTPWebDAO) FindEnabledWebIdWithHTTPAuthPolicyId(tx *dbs.Tx, httpAuthPolicyId int64) (webId int64, err error) {
+	return this.Query(tx).
+		State(HTTPWebStateEnabled).
+		ResultPk().
+		Where("JSON_CONTAINS(auth, :jsonQuery, '$.policyRefs')").
+		Param("jsonQuery", maps.Map{"authPolicyId": httpAuthPolicyId}.AsJSON()).
+		FindInt64Col(0)
+}
+
 // FindWebServerId 查找使用此Web的Server
 func (this *HTTPWebDAO) FindWebServerId(tx *dbs.Tx, webId int64) (serverId int64, err error) {
 	if webId <= 0 {

internal/db/models/http_web_model.go

@@ -28,6 +28,7 @@ type HTTPWeb struct {
 	RewriteRules       string `field:"rewriteRules"`       // 重写规则配置
 	HostRedirects      string `field:"hostRedirects"`      // 域名跳转
 	Fastcgi            string `field:"fastcgi"`            // Fastcgi配置
+	Auth               string `field:"auth"`               // 认证策略配置
 }
 
 type HTTPWebOperator struct {
@@ -57,6 +58,7 @@ type HTTPWebOperator struct {
 	RewriteRules       interface{} // 重写规则配置
 	HostRedirects      interface{} // 域名跳转
 	Fastcgi            interface{} // Fastcgi配置
+	Auth               interface{} // 认证策略配置
 }
 
 func NewHTTPWebOperator() *HTTPWebOperator {

internal/nodes/api_node_services.go

@@ -96,4 +96,5 @@ func (this *APINode) registerServices(server *grpc.Server) {
 	pb.RegisterNSRecordServiceServer(server, &nameservers.NSRecordService{})
 	pb.RegisterNSRouteServiceServer(server, &nameservers.NSRouteService{})
 	pb.RegisterNSAccessLogServiceServer(server, &nameservers.NSAccessLogService{})
+	pb.RegisterHTTPAuthPolicyServiceServer(server, &services.HTTPAuthPolicyService{})
 }

internal/rpc/services/service_http_auth_policy.go

@@ -0,0 +1,69 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package services
+
+import (
+	"context"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+// HTTPAuthPolicyService 服务认证策略服务
+type HTTPAuthPolicyService struct {
+	BaseService
+}
+
+// CreateHTTPAuthPolicy 创建策略
+func (this *HTTPAuthPolicyService) CreateHTTPAuthPolicy(ctx context.Context, req *pb.CreateHTTPAuthPolicyRequest) (*pb.CreateHTTPAuthPolicyResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	policyId, err := models.SharedHTTPAuthPolicyDAO.CreateHTTPAuthPolicy(tx, req.Name, req.Type, req.ParamsJSON)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.CreateHTTPAuthPolicyResponse{HttpAuthPolicyId: policyId}, nil
+}
+
+// UpdateHTTPAuthPolicy 修改策略
+func (this *HTTPAuthPolicyService) UpdateHTTPAuthPolicy(ctx context.Context, req *pb.UpdateHTTPAuthPolicyRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = models.SharedHTTPAuthPolicyDAO.UpdateHTTPAuthPolicy(tx, req.HttpAuthPolicyId, req.Name, req.ParamsJSON, req.IsOn)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
+
+// FindEnabledHTTPAuthPolicy 查找策略信息
+func (this *HTTPAuthPolicyService) FindEnabledHTTPAuthPolicy(ctx context.Context, req *pb.FindEnabledHTTPAuthPolicyRequest) (*pb.FindEnabledHTTPAuthPolicyResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	policy, err := models.SharedHTTPAuthPolicyDAO.FindEnabledHTTPAuthPolicy(tx, req.HttpAuthPolicyId)
+	if err != nil {
+		return nil, err
+	}
+	if policy == nil {
+		return &pb.FindEnabledHTTPAuthPolicyResponse{HttpAuthPolicy: nil}, nil
+	}
+
+	return &pb.FindEnabledHTTPAuthPolicyResponse{HttpAuthPolicy: &pb.HTTPAuthPolicy{
+		Id:         int64(policy.Id),
+		IsOn:       policy.IsOn == 1,
+		Name:       policy.Name,
+		Type:       policy.Type,
+		ParamsJSON: []byte(policy.Params),
+	}}, nil
+}

internal/rpc/services/service_http_web.go

@@ -561,3 +561,26 @@ func (this *HTTPWebService) FindHTTPWebHostRedirects(ctx context.Context, req *p
 	}
 	return &pb.FindHTTPWebHostRedirectsResponse{HostRedirectsJSON: redirectsJSON}, nil
 }
+
+// UpdateHTTPWebAuth 更改认证设置
+func (this *HTTPWebService) UpdateHTTPWebAuth(ctx context.Context, req *pb.UpdateHTTPWebAuthRequest) (*pb.RPCSuccess, error) {
+	// 校验请求
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	if userId > 0 {
+		err = models.SharedHTTPWebDAO.CheckUserWeb(nil, userId, req.WebId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var tx *dbs.Tx
+	err = models.SharedHTTPWebDAO.UpdateWebAuth(tx, req.WebId, req.AuthJSON)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}

internal/rpc/services/service_server_daily_stat.go

@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/stats"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	timeutil "github.com/iwind/TeaGo/utils/time"
+	"math"
 	"time"
 )
 
@@ -144,8 +145,8 @@ func (this *ServerDailyStatService) FindLatestServerMinutelyStats(ctx context.Co
 					Minute:              minuteString,
 					Bytes:               stat.Bytes / avgRatio,
 					CachedBytes:         stat.CachedBytes / avgRatio,
-					CountRequests:       stat.CountRequests / avgRatio,
-					CountCachedRequests: stat.CountCachedRequests / avgRatio,
+					CountRequests:       int64(math.Ceil(float64(stat.CountRequests) / float64(avgRatio))),
+					CountCachedRequests: int64(math.Ceil(float64(stat.CountCachedRequests) / float64(avgRatio))),
 				}
 				result = append(result, pbStat)
 				cache[queryMinuteString] = pbStat