diff --git a/internal/db/models/server_dao.go b/internal/db/models/server_dao.go index 56aae306..703cfc21 100644 --- a/internal/db/models/server_dao.go +++ b/internal/db/models/server_dao.go @@ -486,6 +486,10 @@ func (this *ServerDAO) UpdateServerNames(serverId int64, serverNames []byte) err serverNames = []byte("[]") } op.ServerNames = serverNames + err := this.Save(op) + if err != nil { + return err + } return this.createEvent() } @@ -503,7 +507,11 @@ func (this *ServerDAO) UpdateAuditingServerNames(serverId int64, isAuditing bool } else { op.AuditingServerNames = auditingServerNamesJSON } - + op.AuditingResult = `{"isOk":true}` + err := this.Save(op) + if err != nil { + return err + } return this.createEvent() } diff --git a/internal/rpc/services/service_http_header.go b/internal/rpc/services/service_http_header.go index 07670889..a445138c 100644 --- a/internal/rpc/services/service_http_header.go +++ b/internal/rpc/services/service_http_header.go @@ -4,7 +4,6 @@ import ( "context" "encoding/json" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" ) @@ -14,11 +13,16 @@ type HTTPHeaderService struct { // 创建Header func (this *HTTPHeaderService) CreateHTTPHeader(ctx context.Context, req *pb.CreateHTTPHeaderRequest) (*pb.CreateHTTPHeaderResponse, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + // 校验请求 + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + headerId, err := models.SharedHTTPHeaderDAO.CreateHeader(req.Name, req.Value) if err != nil { return nil, err 
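Review bot: In UpdateAuditingServerNames the added assignment of `{"isOk":true}` to `op.AuditingResult` sits after the if/else, so the stored audit result is reset to OK on every call, whatever `isAuditing` is. If the intent is only to clear an earlier rejection while the new names wait for review, a comment should say so, for example `// clear the previous audit verdict; the new names are still pending`. If readers of this column treat `isOk` as approval, the reset should be conditional on the branch. The function body starts outside the hunk, so what each branch means is inferred from the signature in the hunk header.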
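Review bot: The `if userId > 0 { // TODO 检查用户权限 }` branch in CreateHTTPHeader is empty, so a user-role caller (presumably accepted now that `ValidateAdminAndUser` replaces the admin-only `rpcutils.ValidateRequest`) reaches the DAO with no per-object authorization. The same empty branch recurs in UpdateHTTPHeader, FindEnabledHTTPHeaderConfig and the HTTPWebService, OriginService and ReverseProxyService hunks. The HTTPHeaderPolicyService hunks, CreateHTTPWebsocket, UpdateHTTPWebsocket, UpdateHTTPWebRedirectToHTTPS and UpdateHTTPWebWebsocket discard `userId` altogether. Most of these pass a caller-supplied id (`req.HeaderId`, `req.WebId`, `req.OriginId`, `req.ReverseProxyId`, `req.WebsocketId`) straight to a read or update, which would let one user read or change another user's configuration. Until an ownership check comparable to `CheckUserServer` exists for these objects, I would fail closed with `if userId > 0 { return nil, errors.New("permission denied") }` (this file would need the `errors` import), or keep these RPCs admin-only.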
@@ -29,11 +33,16 @@ func (this *HTTPHeaderService) CreateHTTPHeader(ctx context.Context, req *pb.Cre // 修改Header func (this *HTTPHeaderService) UpdateHTTPHeader(ctx context.Context, req *pb.UpdateHTTPHeaderRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + // 校验请求 + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPHeaderDAO.UpdateHeader(req.HeaderId, req.Name, req.Value) if err != nil { return nil, err @@ -44,11 +53,16 @@ func (this *HTTPHeaderService) UpdateHTTPHeader(ctx context.Context, req *pb.Upd // 查找配置 func (this *HTTPHeaderService) FindEnabledHTTPHeaderConfig(ctx context.Context, req *pb.FindEnabledHTTPHeaderConfigRequest) (*pb.FindEnabledHTTPHeaderConfigResponse, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + // 校验请求 + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + config, err := models.SharedHTTPHeaderDAO.ComposeHeaderConfig(req.HeaderId) if err != nil { return nil, err diff --git a/internal/rpc/services/service_http_header_policy.go b/internal/rpc/services/service_http_header_policy.go index 76895cb1..e46c2ae0 100644 --- a/internal/rpc/services/service_http_header_policy.go +++ b/internal/rpc/services/service_http_header_policy.go @@ -4,7 +4,6 @@ import ( "context" "encoding/json" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" ) 
@@ -14,7 +13,7 @@ type HTTPHeaderPolicyService struct { // 查找策略配置 func (this *HTTPHeaderPolicyService) FindEnabledHTTPHeaderPolicyConfig(ctx context.Context, req *pb.FindEnabledHTTPHeaderPolicyConfigRequest) (*pb.FindEnabledHTTPHeaderPolicyConfigResponse, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } @@ -34,7 +33,7 @@ func (this *HTTPHeaderPolicyService) FindEnabledHTTPHeaderPolicyConfig(ctx conte // 创建策略 func (this *HTTPHeaderPolicyService) CreateHTTPHeaderPolicy(ctx context.Context, req *pb.CreateHTTPHeaderPolicyRequest) (*pb.CreateHTTPHeaderPolicyResponse, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } @@ -49,7 +48,7 @@ func (this *HTTPHeaderPolicyService) CreateHTTPHeaderPolicy(ctx context.Context, // 修改AddHeaders func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyAddingHeadersRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } @@ -64,7 +63,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingHeaders(ctx con // 修改SetHeaders func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicySettingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicySettingHeadersRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } 
@@ -79,7 +78,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicySettingHeaders(ctx co // 修改AddTrailers func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingTrailers(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyAddingTrailersRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } @@ -94,7 +93,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingTrailers(ctx co // 修改ReplaceHeaders func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyReplacingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyReplacingHeadersRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } @@ -109,7 +108,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyReplacingHeaders(ctx // 修改删除的Headers func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyDeletingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyDeletingHeadersRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } diff --git a/internal/rpc/services/service_http_web.go b/internal/rpc/services/service_http_web.go index f617a4f8..e5110410 100644 --- a/internal/rpc/services/service_http_web.go +++ b/internal/rpc/services/service_http_web.go @@ -4,7 +4,6 @@ import ( "context" "encoding/json" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" ) 
@@ -31,11 +30,15 @@ func (this *HTTPWebService) CreateHTTPWeb(ctx context.Context, req *pb.CreateHTT // 查找Web配置 func (this *HTTPWebService) FindEnabledHTTPWeb(ctx context.Context, req *pb.FindEnabledHTTPWebRequest) (*pb.FindEnabledHTTPWebResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + web, err := models.SharedHTTPWebDAO.FindEnabledHTTPWeb(req.WebId) if err != nil { return nil, err @@ -54,11 +57,15 @@ func (this *HTTPWebService) FindEnabledHTTPWeb(ctx context.Context, req *pb.Find // 查找Web配置 func (this *HTTPWebService) FindEnabledHTTPWebConfig(ctx context.Context, req *pb.FindEnabledHTTPWebConfigRequest) (*pb.FindEnabledHTTPWebConfigResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + config, err := models.SharedHTTPWebDAO.ComposeWebConfig(req.WebId) if err != nil { return nil, err @@ -74,11 +81,15 @@ func (this *HTTPWebService) FindEnabledHTTPWebConfig(ctx context.Context, req *p // 修改Web配置 func (this *HTTPWebService) UpdateHTTPWeb(ctx context.Context, req *pb.UpdateHTTPWebRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWeb(req.WebId, req.RootJSON) if err != nil { return nil, err 
@@ -90,11 +101,15 @@ func (this *HTTPWebService) UpdateHTTPWeb(ctx context.Context, req *pb.UpdateHTT // 修改Gzip配置 func (this *HTTPWebService) UpdateHTTPWebGzip(ctx context.Context, req *pb.UpdateHTTPWebGzipRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebGzip(req.WebId, req.GzipJSON) if err != nil { return nil, err @@ -106,11 +121,15 @@ func (this *HTTPWebService) UpdateHTTPWebGzip(ctx context.Context, req *pb.Updat // 修改字符集配置 func (this *HTTPWebService) UpdateHTTPWebCharset(ctx context.Context, req *pb.UpdateHTTPWebCharsetRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebCharset(req.WebId, req.CharsetJSON) if err != nil { return nil, err @@ -121,11 +140,15 @@ func (this *HTTPWebService) UpdateHTTPWebCharset(ctx context.Context, req *pb.Up // 更改请求Header策略 func (this *HTTPWebService) UpdateHTTPWebRequestHeader(ctx context.Context, req *pb.UpdateHTTPWebRequestHeaderRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebRequestHeaderPolicy(req.WebId, req.HeaderJSON) if err != nil { return nil, err 
@@ -137,11 +160,15 @@ func (this *HTTPWebService) UpdateHTTPWebRequestHeader(ctx context.Context, req // 更改响应Header策略 func (this *HTTPWebService) UpdateHTTPWebResponseHeader(ctx context.Context, req *pb.UpdateHTTPWebResponseHeaderRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebResponseHeaderPolicy(req.WebId, req.HeaderJSON) if err != nil { return nil, err @@ -153,11 +180,15 @@ func (this *HTTPWebService) UpdateHTTPWebResponseHeader(ctx context.Context, req // 更改Shutdown func (this *HTTPWebService) UpdateHTTPWebShutdown(ctx context.Context, req *pb.UpdateHTTPWebShutdownRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebShutdown(req.WebId, req.ShutdownJSON) if err != nil { return nil, err @@ -168,11 +199,15 @@ func (this *HTTPWebService) UpdateHTTPWebShutdown(ctx context.Context, req *pb.U // 更改Pages func (this *HTTPWebService) UpdateHTTPWebPages(ctx context.Context, req *pb.UpdateHTTPWebPagesRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebPages(req.WebId, req.PagesJSON) if err != nil { return nil, err 
@@ -183,11 +218,15 @@ func (this *HTTPWebService) UpdateHTTPWebPages(ctx context.Context, req *pb.Upda // 更改访问日志配置 func (this *HTTPWebService) UpdateHTTPWebAccessLog(ctx context.Context, req *pb.UpdateHTTPWebAccessLogRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebAccessLogConfig(req.WebId, req.AccessLogJSON) if err != nil { return nil, err @@ -198,11 +237,15 @@ func (this *HTTPWebService) UpdateHTTPWebAccessLog(ctx context.Context, req *pb. // 更改统计配置 func (this *HTTPWebService) UpdateHTTPWebStat(ctx context.Context, req *pb.UpdateHTTPWebStatRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebStat(req.WebId, req.StatJSON) if err != nil { return nil, err @@ -233,11 +276,15 @@ func (this *HTTPWebService) UpdateHTTPWebCache(ctx context.Context, req *pb.Upda // 更改防火墙设置 func (this *HTTPWebService) UpdateHTTPWebFirewall(ctx context.Context, req *pb.UpdateHTTPWebFirewallRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebFirewall(req.WebId, req.FirewallJSON) if err != nil { return nil, err 
@@ -249,11 +296,15 @@ func (this *HTTPWebService) UpdateHTTPWebFirewall(ctx context.Context, req *pb.U // 更改路径规则设置 func (this *HTTPWebService) UpdateHTTPWebLocations(ctx context.Context, req *pb.UpdateHTTPWebLocationsRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebLocations(req.WebId, req.LocationsJSON) if err != nil { return nil, err @@ -265,11 +316,13 @@ func (this *HTTPWebService) UpdateHTTPWebLocations(ctx context.Context, req *pb. // 更改跳转到HTTPS设置 func (this *HTTPWebService) UpdateHTTPWebRedirectToHTTPS(ctx context.Context, req *pb.UpdateHTTPWebRedirectToHTTPSRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + // TODO 检查权限 + err = models.SharedHTTPWebDAO.UpdateWebRedirectToHTTPS(req.WebId, req.RedirectToHTTPSJSON) if err != nil { return nil, err @@ -280,11 +333,13 @@ func (this *HTTPWebService) UpdateHTTPWebRedirectToHTTPS(ctx context.Context, re // 更改Websocket设置 func (this *HTTPWebService) UpdateHTTPWebWebsocket(ctx context.Context, req *pb.UpdateHTTPWebWebsocketRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + // TODO 检查权限 + err = models.SharedHTTPWebDAO.UpdateWebsocket(req.WebId, req.WebsocketJSON) if err != nil { return nil, err 
@@ -295,11 +350,15 @@ func (this *HTTPWebService) UpdateHTTPWebWebsocket(ctx context.Context, req *pb. // 更改重写规则设置 func (this *HTTPWebService) UpdateHTTPWebRewriteRules(ctx context.Context, req *pb.UpdateHTTPWebRewriteRulesRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查用户权限 + } + err = models.SharedHTTPWebDAO.UpdateWebRewriteRules(req.WebId, req.RewriteRulesJSON) if err != nil { return nil, err diff --git a/internal/rpc/services/service_http_websocket.go b/internal/rpc/services/service_http_websocket.go index 2aa7a5bc..dd7f9cb5 100644 --- a/internal/rpc/services/service_http_websocket.go +++ b/internal/rpc/services/service_http_websocket.go @@ -3,7 +3,6 @@ package services import ( "context" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" ) @@ -14,7 +13,7 @@ type HTTPWebsocketService struct { // 创建Websocket配置 func (this *HTTPWebsocketService) CreateHTTPWebsocket(ctx context.Context, req *pb.CreateHTTPWebsocketRequest) (*pb.CreateHTTPWebsocketResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } 
@@ -29,11 +28,13 @@ func (this *HTTPWebsocketService) CreateHTTPWebsocket(ctx context.Context, req * // 修改Websocket配置 func (this *HTTPWebsocketService) UpdateHTTPWebsocket(ctx context.Context, req *pb.UpdateHTTPWebsocketRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, _, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + // TODO 用户不能修改别人的WebSocket设置 + err = models.SharedHTTPWebsocketDAO.UpdateWebsocket(req.WebsocketId, req.HandshakeTimeoutJSON, req.AllowAllOrigins, req.AllowedOrigins, req.RequestSameOrigin, req.RequestOrigin) if err != nil { return nil, err diff --git a/internal/rpc/services/service_origin.go b/internal/rpc/services/service_origin.go index 76f19ef7..537107ac 100644 --- a/internal/rpc/services/service_origin.go +++ b/internal/rpc/services/service_origin.go @@ -5,7 +5,6 @@ import ( "encoding/json" "errors" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/iwind/TeaGo/maps" ) @@ -40,11 +39,14 @@ func (this *OriginService) CreateOrigin(ctx context.Context, req *pb.CreateOrigi // 修改源站 func (this *OriginService) UpdateOrigin(ctx context.Context, req *pb.UpdateOriginRequest) (*pb.RPCSuccess, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 校验权限 + } if req.Addr == nil { return nil, errors.New("'addr' can not be nil") } 
@@ -63,11 +65,15 @@ func (this *OriginService) UpdateOrigin(ctx context.Context, req *pb.UpdateOrigi // 查找单个源站信息 func (this *OriginService) FindEnabledOrigin(ctx context.Context, req *pb.FindEnabledOriginRequest) (*pb.FindEnabledOriginResponse, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 校验权限 + } + origin, err := models.SharedOriginDAO.FindEnabledOrigin(req.OriginId) if err != nil { return nil, err @@ -98,11 +104,15 @@ func (this *OriginService) FindEnabledOrigin(ctx context.Context, req *pb.FindEn // 查找源站配置 func (this *OriginService) FindEnabledOriginConfig(ctx context.Context, req *pb.FindEnabledOriginConfigRequest) (*pb.FindEnabledOriginConfigResponse, error) { - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 校验权限 + } + config, err := models.SharedOriginDAO.ComposeOriginConfig(req.OriginId) if err != nil { return nil, err diff --git a/internal/rpc/services/service_reverse_proxy.go b/internal/rpc/services/service_reverse_proxy.go index 00f88e0e..b7253525 100644 --- a/internal/rpc/services/service_reverse_proxy.go +++ b/internal/rpc/services/service_reverse_proxy.go @@ -4,7 +4,6 @@ import ( "context" "encoding/json" "github.com/TeaOSLab/EdgeAPI/internal/db/models" - rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/iwind/TeaGo/types" ) 
@@ -36,11 +35,15 @@ func (this *ReverseProxyService) CreateReverseProxy(ctx context.Context, req *pb // 查找反向代理 func (this *ReverseProxyService) FindEnabledReverseProxy(ctx context.Context, req *pb.FindEnabledReverseProxyRequest) (*pb.FindEnabledReverseProxyResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查权限 + } + reverseProxy, err := models.SharedReverseProxyDAO.FindEnabledReverseProxy(req.ReverseProxyId) if err != nil { return nil, err @@ -61,11 +64,15 @@ func (this *ReverseProxyService) FindEnabledReverseProxy(ctx context.Context, re // 查找反向代理配置 func (this *ReverseProxyService) FindEnabledReverseProxyConfig(ctx context.Context, req *pb.FindEnabledReverseProxyConfigRequest) (*pb.FindEnabledReverseProxyConfigResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查权限 + } + config, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(req.ReverseProxyId) if err != nil { return nil, err @@ -82,11 +89,15 @@ func (this *ReverseProxyService) FindEnabledReverseProxyConfig(ctx context.Conte // 修改反向代理调度算法 func (this *ReverseProxyService) UpdateReverseProxyScheduling(ctx context.Context, req *pb.UpdateReverseProxySchedulingRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查权限 + } + err = models.SharedReverseProxyDAO.UpdateReverseProxyScheduling(req.ReverseProxyId, req.SchedulingJSON) if err != nil { return nil, err 
@@ -98,11 +109,15 @@ func (this *ReverseProxyService) UpdateReverseProxyScheduling(ctx context.Contex // 修改主要源站信息 func (this *ReverseProxyService) UpdateReverseProxyPrimaryOrigins(ctx context.Context, req *pb.UpdateReverseProxyPrimaryOriginsRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查权限 + } + err = models.SharedReverseProxyDAO.UpdateReverseProxyPrimaryOrigins(req.ReverseProxyId, req.OriginsJSON) if err != nil { return nil, err @@ -114,11 +129,15 @@ func (this *ReverseProxyService) UpdateReverseProxyPrimaryOrigins(ctx context.Co // 修改备用源站信息 func (this *ReverseProxyService) UpdateReverseProxyBackupOrigins(ctx context.Context, req *pb.UpdateReverseProxyBackupOriginsRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 检查权限 + } + err = models.SharedReverseProxyDAO.UpdateReverseProxyBackupOrigins(req.ReverseProxyId, req.OriginsJSON) if err != nil { return nil, err diff --git a/internal/rpc/services/service_server.go b/internal/rpc/services/service_server.go index 986c6f81..bc097462 100644 --- a/internal/rpc/services/service_server.go +++ b/internal/rpc/services/service_server.go @@ -75,7 +75,7 @@ func (this *ServerService) CreateServer(ctx context.Context, req *pb.CreateServe // 修改服务基本信息 func (this *ServerService) UpdateServerBasic(ctx context.Context, req *pb.UpdateServerBasicRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, err := this.ValidateAdmin(ctx, 0) if err != nil { return nil, err } 
@@ -148,26 +148,20 @@ func (this *ServerService) UpdateServerIsOn(ctx context.Context, req *pb.UpdateS // 修改HTTP服务 func (this *ServerService) UpdateServerHTTP(ctx context.Context, req *pb.UpdateServerHTTPRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } - if req.ServerId <= 0 { - return nil, errors.New("invalid serverId") - } - - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } } // 修改配置 - err = models.SharedServerDAO.UpdateServerHTTP(req.ServerId, req.Config) + err = models.SharedServerDAO.UpdateServerHTTP(req.ServerId, req.HttpJSON) if err != nil { return nil, err } 
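Review bot: With the `req.ServerId <= 0` guard and the `FindEnabledServer` lookup removed from UpdateServerHTTP, an admin caller (`userId == 0`) now reaches the DAO with an unvalidated id, because `CheckUserServer` runs only for user-role callers. Whether the DAO rejects a zero or unknown id is not visible in this diff; if it does not, the update would report success without touching a real server. Keeping the guard ahead of the permission check preserves the old contract: `if req.ServerId <= 0 { return nil, errors.New("invalid serverId") }`. The same removal appears in the UpdateServerHTTPS, UpdateServerWeb and UpdateServerReverseProxy hunks. The TCP, TLS, Unix and UDP hunks keep the id guard but drop the existence lookup, and their request validation lies outside the hunks.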
@@ -178,26 +172,20 @@ func (this *ServerService) UpdateServerHTTP(ctx context.Context, req *pb.UpdateS // 修改HTTPS服务 func (this *ServerService) UpdateServerHTTPS(ctx context.Context, req *pb.UpdateServerHTTPSRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } - if req.ServerId <= 0 { - return nil, errors.New("invalid serverId") - } - - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } } // 修改配置 - err = models.SharedServerDAO.UpdateServerHTTPS(req.ServerId, req.Config) + err = models.SharedServerDAO.UpdateServerHTTPS(req.ServerId, req.HttpsJSON) if err != nil { return nil, err } @@ -217,17 +205,8 @@ func (this *ServerService) UpdateServerTCP(ctx context.Context, req *pb.UpdateSe return nil, errors.New("invalid serverId") } - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") - } - // 修改配置 - err = models.SharedServerDAO.UpdateServerTCP(req.ServerId, req.Config) + err = models.SharedServerDAO.UpdateServerTCP(req.ServerId, req.TcpJSON) if err != nil { return nil, err } 
@@ -247,17 +226,8 @@ func (this *ServerService) UpdateServerTLS(ctx context.Context, req *pb.UpdateSe return nil, errors.New("invalid serverId") } - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") - } - // 修改配置 - err = models.SharedServerDAO.UpdateServerTLS(req.ServerId, req.Config) + err = models.SharedServerDAO.UpdateServerTLS(req.ServerId, req.TlsJSON) if err != nil { return nil, err } @@ -277,17 +247,8 @@ func (this *ServerService) UpdateServerUnix(ctx context.Context, req *pb.UpdateS return nil, errors.New("invalid serverId") } - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") - } - // 修改配置 - err = models.SharedServerDAO.UpdateServerUnix(req.ServerId, req.Config) + err = models.SharedServerDAO.UpdateServerUnix(req.ServerId, req.UnixJSON) if err != nil { return nil, err } @@ -307,17 +268,8 @@ func (this *ServerService) UpdateServerUDP(ctx context.Context, req *pb.UpdateSe return nil, errors.New("invalid serverId") } - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") - } - // 修改配置 - err = models.SharedServerDAO.UpdateServerUDP(req.ServerId, req.Config) + err = models.SharedServerDAO.UpdateServerUDP(req.ServerId, req.UdpJSON) if err != nil { return nil, err } 
@@ -334,20 +286,10 @@ func (this *ServerService) UpdateServerWeb(ctx context.Context, req *pb.UpdateSe } if userId > 0 { - // TODO 检查权限 - } - - if req.ServerId <= 0 { - return nil, errors.New("invalid serverId") - } - - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } } // 修改配置 @@ -362,22 +304,16 @@ func (this *ServerService) UpdateServerWeb(ctx context.Context, req *pb.UpdateSe // 修改反向代理服务 func (this *ServerService) UpdateServerReverseProxy(ctx context.Context, req *pb.UpdateServerReverseProxyRequest) (*pb.RPCSuccess, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } - if req.ServerId <= 0 { - return nil, errors.New("invalid serverId") - } - - // 查询老的节点信息 - server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) - if err != nil { - return nil, err - } - if server == nil { - return nil, errors.New("can not find server") + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } } // 修改配置 
@@ -658,11 +594,19 @@ func (this *ServerService) DeleteServer(ctx context.Context, req *pb.DeleteServe // 查找单个服务 func (this *ServerService) FindEnabledServer(ctx context.Context, req *pb.FindEnabledServerRequest) (*pb.FindEnabledServerResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + // 检查权限 + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } + } + server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId) if err != nil { return nil, err 
@@ -730,14 +674,53 @@ func (this *ServerService) FindEnabledServer(ctx context.Context, req *pb.FindEn }}, nil } -// -func (this *ServerService) FindEnabledServerType(ctx context.Context, req *pb.FindEnabledServerTypeRequest) (*pb.FindEnabledServerTypeResponse, error) { +// 查找服务配置 +func (this *ServerService) FindEnabledServerConfig(ctx context.Context, req *pb.FindEnabledServerConfigRequest) (*pb.FindEnabledServerConfigResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + // 检查权限 + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } + } + + config, err := models.SharedServerDAO.ComposeServerConfig(req.ServerId) + if err != nil { + return nil, err + } + if config == nil { + return &pb.FindEnabledServerConfigResponse{ServerJSON: nil}, nil + } + + configJSON, err := json.Marshal(config) + if err != nil { + return nil, err + } + return &pb.FindEnabledServerConfigResponse{ServerJSON: configJSON}, nil +} + +// 查找服务的服务类型 +func (this *ServerService) FindEnabledServerType(ctx context.Context, req *pb.FindEnabledServerTypeRequest) (*pb.FindEnabledServerTypeResponse, error) { + // 校验请求 + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) + if err != nil { + return nil, err + } + + // 检查权限 + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } + } + serverType, err := models.SharedServerDAO.FindEnabledServerType(req.ServerId) if err != nil { return nil, err 
@@ -800,11 +783,18 @@ func (this *ServerService) FindAndInitServerReverseProxyConfig(ctx context.Conte // 初始化Web设置 func (this *ServerService) FindAndInitServerWebConfig(ctx context.Context, req *pb.FindAndInitServerWebConfigRequest) (*pb.FindAndInitServerWebConfigResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId) + if err != nil { + return nil, err + } + } + webId, err := models.SharedServerDAO.FindServerWebId(req.ServerId) if err != nil { return nil, err @@ -837,10 +827,7 @@ func (this *ServerService) CountAllEnabledServersWithSSLCertId(ctx context.Conte return nil, err } if userId > 0 { - err = models.SharedSSLCertDAO.CheckUserCert(req.SslCertId, userId) - if err != nil { - return nil, err - } + // TODO 校验权限 } policyIds, err := models.SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(req.SslCertId) @@ -863,11 +850,15 @@ func (this *ServerService) CountAllEnabledServersWithSSLCertId(ctx context.Conte // 查找使用某个SSL证书的所有服务 func (this *ServerService) FindAllEnabledServersWithSSLCertId(ctx context.Context, req *pb.FindAllEnabledServersWithSSLCertIdRequest) (*pb.FindAllEnabledServersWithSSLCertIdResponse, error) { // 校验请求 - _, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin) + _, userId, err := this.ValidateAdminAndUser(ctx, 0, 0) if err != nil { return nil, err } + if userId > 0 { + // TODO 校验权限 + } + policyIds, err := models.SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(req.SslCertId) if err != nil { return nil, err
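Review bot: In CountAllEnabledServersWithSSLCertId the existing `CheckUserCert(req.SslCertId, userId)` call is replaced by `// TODO 校验权限`, which removes an ownership check that was already enforced. A user-role caller can now pass any `req.SslCertId` and learn how many servers use that certificate. Unless the check was wrong for this case, which the commit does not say, I would keep `err = models.SharedSSLCertDAO.CheckUserCert(req.SslCertId, userId)` with its `if err != nil { return nil, err }`. The following hunk opens FindAllEnabledServersWithSSLCertId to user-role callers with the same empty TODO branch and needs the same check, since judging by its name it returns the servers themselves. Both function bodies continue outside the hunks.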