提供用户节点上传状态接口

internal/rpc/services/service_base.go

@@ -2,10 +2,20 @@ package services
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
+	teaconst "github.com/TeaOSLab/EdgeAPI/internal/const"
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/TeaOSLab/EdgeAPI/internal/encrypt"
 	"github.com/TeaOSLab/EdgeAPI/internal/errors"
 	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
+	"github.com/TeaOSLab/EdgeAPI/internal/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/dbs"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"google.golang.org/grpc/metadata"
+	"time"
 )
 
 type BaseService struct {
@@ -72,6 +82,101 @@ func (this *BaseService) ValidateUser(ctx context.Context) (userId int64, err er
 	return
 }
 
+// 获取节点ID
+func (this *BaseService) ValidateNodeId(ctx context.Context, roles ...rpcutils.UserType) (role rpcutils.UserType, nodeIntId int64, err error) {
+	if ctx == nil {
+		err = errors.New("context should not be nil")
+		role = rpcutils.UserTypeNone
+		return
+	}
+
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return rpcutils.UserTypeNone, 0, errors.New("context: need 'nodeId'")
+	}
+	nodeIds := md.Get("nodeid")
+	if len(nodeIds) == 0 || len(nodeIds[0]) == 0 {
+		return rpcutils.UserTypeNone, 0, errors.New("context: need 'nodeId'")
+	}
+	nodeId := nodeIds[0]
+
+	// 获取角色Node信息
+	// TODO 缓存节点ID相关信息
+	apiToken, err := models.SharedApiTokenDAO.FindEnabledTokenWithNode(nil, nodeId)
+	if err != nil {
+		return rpcutils.UserTypeNone, 0, err
+	}
+	if apiToken == nil {
+		return rpcutils.UserTypeNone, 0, errors.New("context: can not find api token for node '" + nodeId + "'")
+	}
+	if !lists.ContainsString(roles, apiToken.Role) {
+		return rpcutils.UserTypeNone, 0, errors.New("context: unsupported role '" + apiToken.Role + "'")
+	}
+
+	tokens := md.Get("token")
+	if len(tokens) == 0 || len(tokens[0]) == 0 {
+		return rpcutils.UserTypeNone, 0, errors.New("context: need 'token'")
+	}
+	token := tokens[0]
+
+	data, err := base64.StdEncoding.DecodeString(token)
+	if err != nil {
+		return rpcutils.UserTypeNone, 0, err
+	}
+
+	method, err := encrypt.NewMethodInstance(teaconst.EncryptMethod, apiToken.Secret, nodeId)
+	if err != nil {
+		utils.PrintError(err)
+		return rpcutils.UserTypeNone, 0, err
+	}
+	data, err = method.Decrypt(data)
+	if err != nil {
+		return rpcutils.UserTypeNone, 0, err
+	}
+	if len(data) == 0 {
+		return rpcutils.UserTypeNone, 0, errors.New("invalid token")
+	}
+
+	m := maps.Map{}
+	err = json.Unmarshal(data, &m)
+	if err != nil {
+		return rpcutils.UserTypeNone, 0, errors.New("decode token error: " + err.Error())
+	}
+
+	timestamp := m.GetInt64("timestamp")
+	if time.Now().Unix()-timestamp > 600 {
+		// 请求超过10分钟认为超时
+		return rpcutils.UserTypeNone, 0, errors.New("authenticate timeout")
+	}
+
+	switch apiToken.Role {
+	case rpcutils.UserTypeNode:
+		nodeIntId, err = models.SharedNodeDAO.FindEnabledNodeIdWithUniqueId(nil, nodeId)
+		if err != nil {
+			return rpcutils.UserTypeNode, 0, errors.New("context: " + err.Error())
+		}
+		if nodeIntId <= 0 {
+			return rpcutils.UserTypeNode, 0, errors.New("context: not found node with id '" + nodeId + "'")
+		}
+	case rpcutils.UserTypeCluster:
+		nodeIntId, err = models.SharedNodeClusterDAO.FindEnabledClusterIdWithUniqueId(nil, nodeId)
+		if err != nil {
+			return rpcutils.UserTypeCluster, 0, errors.New("context: " + err.Error())
+		}
+		if nodeIntId <= 0 {
+			return rpcutils.UserTypeCluster, 0, errors.New("context: not found cluster with id '" + nodeId + "'")
+		}
+	case rpcutils.UserTypeUser:
+		nodeIntId, err = models.SharedUserNodeDAO.FindEnabledUserNodeIdWithUniqueId(nil, nodeId)
+	case rpcutils.UserTypeAdmin:
+		nodeIntId = 0
+	default:
+		err = errors.New("unsupported user role '" + apiToken.Role + "'")
+	}
+
+	return
+}
+
 // 返回成功
 func (this *BaseService) Success() (*pb.RPCSuccess, error) {
 	return &pb.RPCSuccess{}, nil