阶段性提交

internal/db/models/server_dao.go

@@ -486,6 +486,10 @@ func (this *ServerDAO) UpdateServerNames(serverId int64, serverNames []byte) err
 		serverNames = []byte("[]")
 	}
 	op.ServerNames = serverNames
+	err := this.Save(op)
+	if err != nil {
+		return err
+	}
 	return this.createEvent()
 }
 
@@ -503,7 +507,11 @@ func (this *ServerDAO) UpdateAuditingServerNames(serverId int64, isAuditing bool
 	} else {
 		op.AuditingServerNames = auditingServerNamesJSON
 	}
-
+	op.AuditingResult = `{"isOk":true}`
+	err := this.Save(op)
+	if err != nil {
+		return err
+	}
 	return this.createEvent()
 }
 

internal/rpc/services/service_http_header.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )
 
@@ -14,11 +13,16 @@ type HTTPHeaderService struct {
 
 // 创建Header
 func (this *HTTPHeaderService) CreateHTTPHeader(ctx context.Context, req *pb.CreateHTTPHeaderRequest) (*pb.CreateHTTPHeaderResponse, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	// 校验请求
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	headerId, err := models.SharedHTTPHeaderDAO.CreateHeader(req.Name, req.Value)
 	if err != nil {
 		return nil, err
@@ -29,11 +33,16 @@ func (this *HTTPHeaderService) CreateHTTPHeader(ctx context.Context, req *pb.Cre
 
 // 修改Header
 func (this *HTTPHeaderService) UpdateHTTPHeader(ctx context.Context, req *pb.UpdateHTTPHeaderRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	// 校验请求
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPHeaderDAO.UpdateHeader(req.HeaderId, req.Name, req.Value)
 	if err != nil {
 		return nil, err
@@ -44,11 +53,16 @@ func (this *HTTPHeaderService) UpdateHTTPHeader(ctx context.Context, req *pb.Upd
 
 // 查找配置
 func (this *HTTPHeaderService) FindEnabledHTTPHeaderConfig(ctx context.Context, req *pb.FindEnabledHTTPHeaderConfigRequest) (*pb.FindEnabledHTTPHeaderConfigResponse, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	// 校验请求
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	config, err := models.SharedHTTPHeaderDAO.ComposeHeaderConfig(req.HeaderId)
 	if err != nil {
 		return nil, err

internal/rpc/services/service_http_header_policy.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )
 
@@ -14,7 +13,7 @@ type HTTPHeaderPolicyService struct {
 
 // 查找策略配置
 func (this *HTTPHeaderPolicyService) FindEnabledHTTPHeaderPolicyConfig(ctx context.Context, req *pb.FindEnabledHTTPHeaderPolicyConfigRequest) (*pb.FindEnabledHTTPHeaderPolicyConfigResponse, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -34,7 +33,7 @@ func (this *HTTPHeaderPolicyService) FindEnabledHTTPHeaderPolicyConfig(ctx conte
 
 // 创建策略
 func (this *HTTPHeaderPolicyService) CreateHTTPHeaderPolicy(ctx context.Context, req *pb.CreateHTTPHeaderPolicyRequest) (*pb.CreateHTTPHeaderPolicyResponse, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +48,7 @@ func (this *HTTPHeaderPolicyService) CreateHTTPHeaderPolicy(ctx context.Context,
 
 // 修改AddHeaders
 func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyAddingHeadersRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -64,7 +63,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingHeaders(ctx con
 
 // 修改SetHeaders
 func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicySettingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicySettingHeadersRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -79,7 +78,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicySettingHeaders(ctx co
 
 // 修改AddTrailers
 func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingTrailers(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyAddingTrailersRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -94,7 +93,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyAddingTrailers(ctx co
 
 // 修改ReplaceHeaders
 func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyReplacingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyReplacingHeadersRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -109,7 +108,7 @@ func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyReplacingHeaders(ctx
 
 // 修改删除的Headers
 func (this *HTTPHeaderPolicyService) UpdateHTTPHeaderPolicyDeletingHeaders(ctx context.Context, req *pb.UpdateHTTPHeaderPolicyDeletingHeadersRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}

internal/rpc/services/service_http_web.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )
 
@@ -31,11 +30,15 @@ func (this *HTTPWebService) CreateHTTPWeb(ctx context.Context, req *pb.CreateHTT
 // 查找Web配置
 func (this *HTTPWebService) FindEnabledHTTPWeb(ctx context.Context, req *pb.FindEnabledHTTPWebRequest) (*pb.FindEnabledHTTPWebResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	web, err := models.SharedHTTPWebDAO.FindEnabledHTTPWeb(req.WebId)
 	if err != nil {
 		return nil, err
@@ -54,11 +57,15 @@ func (this *HTTPWebService) FindEnabledHTTPWeb(ctx context.Context, req *pb.Find
 // 查找Web配置
 func (this *HTTPWebService) FindEnabledHTTPWebConfig(ctx context.Context, req *pb.FindEnabledHTTPWebConfigRequest) (*pb.FindEnabledHTTPWebConfigResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(req.WebId)
 	if err != nil {
 		return nil, err
@@ -74,11 +81,15 @@ func (this *HTTPWebService) FindEnabledHTTPWebConfig(ctx context.Context, req *p
 // 修改Web配置
 func (this *HTTPWebService) UpdateHTTPWeb(ctx context.Context, req *pb.UpdateHTTPWebRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWeb(req.WebId, req.RootJSON)
 	if err != nil {
 		return nil, err
@@ -90,11 +101,15 @@ func (this *HTTPWebService) UpdateHTTPWeb(ctx context.Context, req *pb.UpdateHTT
 // 修改Gzip配置
 func (this *HTTPWebService) UpdateHTTPWebGzip(ctx context.Context, req *pb.UpdateHTTPWebGzipRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebGzip(req.WebId, req.GzipJSON)
 	if err != nil {
 		return nil, err
@@ -106,11 +121,15 @@ func (this *HTTPWebService) UpdateHTTPWebGzip(ctx context.Context, req *pb.Updat
 // 修改字符集配置
 func (this *HTTPWebService) UpdateHTTPWebCharset(ctx context.Context, req *pb.UpdateHTTPWebCharsetRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebCharset(req.WebId, req.CharsetJSON)
 	if err != nil {
 		return nil, err
@@ -121,11 +140,15 @@ func (this *HTTPWebService) UpdateHTTPWebCharset(ctx context.Context, req *pb.Up
 // 更改请求Header策略
 func (this *HTTPWebService) UpdateHTTPWebRequestHeader(ctx context.Context, req *pb.UpdateHTTPWebRequestHeaderRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebRequestHeaderPolicy(req.WebId, req.HeaderJSON)
 	if err != nil {
 		return nil, err
@@ -137,11 +160,15 @@ func (this *HTTPWebService) UpdateHTTPWebRequestHeader(ctx context.Context, req
 // 更改响应Header策略
 func (this *HTTPWebService) UpdateHTTPWebResponseHeader(ctx context.Context, req *pb.UpdateHTTPWebResponseHeaderRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebResponseHeaderPolicy(req.WebId, req.HeaderJSON)
 	if err != nil {
 		return nil, err
@@ -153,11 +180,15 @@ func (this *HTTPWebService) UpdateHTTPWebResponseHeader(ctx context.Context, req
 // 更改Shutdown
 func (this *HTTPWebService) UpdateHTTPWebShutdown(ctx context.Context, req *pb.UpdateHTTPWebShutdownRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebShutdown(req.WebId, req.ShutdownJSON)
 	if err != nil {
 		return nil, err
@@ -168,11 +199,15 @@ func (this *HTTPWebService) UpdateHTTPWebShutdown(ctx context.Context, req *pb.U
 // 更改Pages
 func (this *HTTPWebService) UpdateHTTPWebPages(ctx context.Context, req *pb.UpdateHTTPWebPagesRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebPages(req.WebId, req.PagesJSON)
 	if err != nil {
 		return nil, err
@@ -183,11 +218,15 @@ func (this *HTTPWebService) UpdateHTTPWebPages(ctx context.Context, req *pb.Upda
 // 更改访问日志配置
 func (this *HTTPWebService) UpdateHTTPWebAccessLog(ctx context.Context, req *pb.UpdateHTTPWebAccessLogRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebAccessLogConfig(req.WebId, req.AccessLogJSON)
 	if err != nil {
 		return nil, err
@@ -198,11 +237,15 @@ func (this *HTTPWebService) UpdateHTTPWebAccessLog(ctx context.Context, req *pb.
 // 更改统计配置
 func (this *HTTPWebService) UpdateHTTPWebStat(ctx context.Context, req *pb.UpdateHTTPWebStatRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebStat(req.WebId, req.StatJSON)
 	if err != nil {
 		return nil, err
@@ -233,11 +276,15 @@ func (this *HTTPWebService) UpdateHTTPWebCache(ctx context.Context, req *pb.Upda
 // 更改防火墙设置
 func (this *HTTPWebService) UpdateHTTPWebFirewall(ctx context.Context, req *pb.UpdateHTTPWebFirewallRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebFirewall(req.WebId, req.FirewallJSON)
 	if err != nil {
 		return nil, err
@@ -249,11 +296,15 @@ func (this *HTTPWebService) UpdateHTTPWebFirewall(ctx context.Context, req *pb.U
 // 更改路径规则设置
 func (this *HTTPWebService) UpdateHTTPWebLocations(ctx context.Context, req *pb.UpdateHTTPWebLocationsRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebLocations(req.WebId, req.LocationsJSON)
 	if err != nil {
 		return nil, err
@@ -265,11 +316,13 @@ func (this *HTTPWebService) UpdateHTTPWebLocations(ctx context.Context, req *pb.
 // 更改跳转到HTTPS设置
 func (this *HTTPWebService) UpdateHTTPWebRedirectToHTTPS(ctx context.Context, req *pb.UpdateHTTPWebRedirectToHTTPSRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	// TODO 检查权限
+
 	err = models.SharedHTTPWebDAO.UpdateWebRedirectToHTTPS(req.WebId, req.RedirectToHTTPSJSON)
 	if err != nil {
 		return nil, err
@@ -280,11 +333,13 @@ func (this *HTTPWebService) UpdateHTTPWebRedirectToHTTPS(ctx context.Context, re
 // 更改Websocket设置
 func (this *HTTPWebService) UpdateHTTPWebWebsocket(ctx context.Context, req *pb.UpdateHTTPWebWebsocketRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	// TODO 检查权限
+
 	err = models.SharedHTTPWebDAO.UpdateWebsocket(req.WebId, req.WebsocketJSON)
 	if err != nil {
 		return nil, err
@@ -295,11 +350,15 @@ func (this *HTTPWebService) UpdateHTTPWebWebsocket(ctx context.Context, req *pb.
 // 更改重写规则设置
 func (this *HTTPWebService) UpdateHTTPWebRewriteRules(ctx context.Context, req *pb.UpdateHTTPWebRewriteRulesRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查用户权限
+	}
+
 	err = models.SharedHTTPWebDAO.UpdateWebRewriteRules(req.WebId, req.RewriteRulesJSON)
 	if err != nil {
 		return nil, err

internal/rpc/services/service_http_websocket.go

@@ -3,7 +3,6 @@ package services
 import (
 	"context"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 )
 
@@ -14,7 +13,7 @@ type HTTPWebsocketService struct {
 // 创建Websocket配置
 func (this *HTTPWebsocketService) CreateHTTPWebsocket(ctx context.Context, req *pb.CreateHTTPWebsocketRequest) (*pb.CreateHTTPWebsocketResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -29,11 +28,13 @@ func (this *HTTPWebsocketService) CreateHTTPWebsocket(ctx context.Context, req *
 // 修改Websocket配置
 func (this *HTTPWebsocketService) UpdateHTTPWebsocket(ctx context.Context, req *pb.UpdateHTTPWebsocketRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, _, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	// TODO 用户不能修改别人的WebSocket设置
+
 	err = models.SharedHTTPWebsocketDAO.UpdateWebsocket(req.WebsocketId, req.HandshakeTimeoutJSON, req.AllowAllOrigins, req.AllowedOrigins, req.RequestSameOrigin, req.RequestOrigin)
 	if err != nil {
 		return nil, err

internal/rpc/services/service_origin.go

@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
 )
@@ -40,11 +39,14 @@ func (this *OriginService) CreateOrigin(ctx context.Context, req *pb.CreateOrigi
 
 // 修改源站
 func (this *OriginService) UpdateOrigin(ctx context.Context, req *pb.UpdateOriginRequest) (*pb.RPCSuccess, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 校验权限
+	}
 	if req.Addr == nil {
 		return nil, errors.New("'addr' can not be nil")
 	}
@@ -63,11 +65,15 @@ func (this *OriginService) UpdateOrigin(ctx context.Context, req *pb.UpdateOrigi
 
 // 查找单个源站信息
 func (this *OriginService) FindEnabledOrigin(ctx context.Context, req *pb.FindEnabledOriginRequest) (*pb.FindEnabledOriginResponse, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 校验权限
+	}
+
 	origin, err := models.SharedOriginDAO.FindEnabledOrigin(req.OriginId)
 	if err != nil {
 		return nil, err
@@ -98,11 +104,15 @@ func (this *OriginService) FindEnabledOrigin(ctx context.Context, req *pb.FindEn
 
 // 查找源站配置
 func (this *OriginService) FindEnabledOriginConfig(ctx context.Context, req *pb.FindEnabledOriginConfigRequest) (*pb.FindEnabledOriginConfigResponse, error) {
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 校验权限
+	}
+
 	config, err := models.SharedOriginDAO.ComposeOriginConfig(req.OriginId)
 	if err != nil {
 		return nil, err

internal/rpc/services/service_reverse_proxy.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
-	rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/types"
 )
@@ -36,11 +35,15 @@ func (this *ReverseProxyService) CreateReverseProxy(ctx context.Context, req *pb
 // 查找反向代理
 func (this *ReverseProxyService) FindEnabledReverseProxy(ctx context.Context, req *pb.FindEnabledReverseProxyRequest) (*pb.FindEnabledReverseProxyResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查权限
+	}
+
 	reverseProxy, err := models.SharedReverseProxyDAO.FindEnabledReverseProxy(req.ReverseProxyId)
 	if err != nil {
 		return nil, err
@@ -61,11 +64,15 @@ func (this *ReverseProxyService) FindEnabledReverseProxy(ctx context.Context, re
 // 查找反向代理配置
 func (this *ReverseProxyService) FindEnabledReverseProxyConfig(ctx context.Context, req *pb.FindEnabledReverseProxyConfigRequest) (*pb.FindEnabledReverseProxyConfigResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查权限
+	}
+
 	config, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(req.ReverseProxyId)
 	if err != nil {
 		return nil, err
@@ -82,11 +89,15 @@ func (this *ReverseProxyService) FindEnabledReverseProxyConfig(ctx context.Conte
 // 修改反向代理调度算法
 func (this *ReverseProxyService) UpdateReverseProxyScheduling(ctx context.Context, req *pb.UpdateReverseProxySchedulingRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查权限
+	}
+
 	err = models.SharedReverseProxyDAO.UpdateReverseProxyScheduling(req.ReverseProxyId, req.SchedulingJSON)
 	if err != nil {
 		return nil, err
@@ -98,11 +109,15 @@ func (this *ReverseProxyService) UpdateReverseProxyScheduling(ctx context.Contex
 // 修改主要源站信息
 func (this *ReverseProxyService) UpdateReverseProxyPrimaryOrigins(ctx context.Context, req *pb.UpdateReverseProxyPrimaryOriginsRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查权限
+	}
+
 	err = models.SharedReverseProxyDAO.UpdateReverseProxyPrimaryOrigins(req.ReverseProxyId, req.OriginsJSON)
 	if err != nil {
 		return nil, err
@@ -114,11 +129,15 @@ func (this *ReverseProxyService) UpdateReverseProxyPrimaryOrigins(ctx context.Co
 // 修改备用源站信息
 func (this *ReverseProxyService) UpdateReverseProxyBackupOrigins(ctx context.Context, req *pb.UpdateReverseProxyBackupOriginsRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 检查权限
+	}
+
 	err = models.SharedReverseProxyDAO.UpdateReverseProxyBackupOrigins(req.ReverseProxyId, req.OriginsJSON)
 	if err != nil {
 		return nil, err

internal/rpc/services/service_server.go

@@ -75,7 +75,7 @@ func (this *ServerService) CreateServer(ctx context.Context, req *pb.CreateServe
 // 修改服务基本信息
 func (this *ServerService) UpdateServerBasic(ctx context.Context, req *pb.UpdateServerBasicRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, err := this.ValidateAdmin(ctx, 0)
 	if err != nil {
 		return nil, err
 	}
@@ -148,26 +148,20 @@ func (this *ServerService) UpdateServerIsOn(ctx context.Context, req *pb.UpdateS
 // 修改HTTP服务
 func (this *ServerService) UpdateServerHTTP(ctx context.Context, req *pb.UpdateServerHTTPRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
-	if req.ServerId <= 0 {
+	if userId > 0 {
-		return nil, errors.New("invalid serverId")
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
-	}
-
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
 		if err != nil {
 			return nil, err
 		}
-	if server == nil {
-		return nil, errors.New("can not find server")
 	}
 
 	// 修改配置
-	err = models.SharedServerDAO.UpdateServerHTTP(req.ServerId, req.Config)
+	err = models.SharedServerDAO.UpdateServerHTTP(req.ServerId, req.HttpJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -178,26 +172,20 @@ func (this *ServerService) UpdateServerHTTP(ctx context.Context, req *pb.UpdateS
 // 修改HTTPS服务
 func (this *ServerService) UpdateServerHTTPS(ctx context.Context, req *pb.UpdateServerHTTPSRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
-	if req.ServerId <= 0 {
+	if userId > 0 {
-		return nil, errors.New("invalid serverId")
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
-	}
-
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
 		if err != nil {
 			return nil, err
 		}
-	if server == nil {
-		return nil, errors.New("can not find server")
 	}
 
 	// 修改配置
-	err = models.SharedServerDAO.UpdateServerHTTPS(req.ServerId, req.Config)
+	err = models.SharedServerDAO.UpdateServerHTTPS(req.ServerId, req.HttpsJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -217,17 +205,8 @@ func (this *ServerService) UpdateServerTCP(ctx context.Context, req *pb.UpdateSe
 		return nil, errors.New("invalid serverId")
 	}
 
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
-	if err != nil {
-		return nil, err
-	}
-	if server == nil {
-		return nil, errors.New("can not find server")
-	}
-
 	// 修改配置
-	err = models.SharedServerDAO.UpdateServerTCP(req.ServerId, req.Config)
+	err = models.SharedServerDAO.UpdateServerTCP(req.ServerId, req.TcpJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -247,17 +226,8 @@ func (this *ServerService) UpdateServerTLS(ctx context.Context, req *pb.UpdateSe
 		return nil, errors.New("invalid serverId")
 	}
 
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
-	if err != nil {
-		return nil, err
-	}
-	if server == nil {
-		return nil, errors.New("can not find server")
-	}
-
 	// 修改配置
-	err = models.SharedServerDAO.UpdateServerTLS(req.ServerId, req.Config)
+	err = models.SharedServerDAO.UpdateServerTLS(req.ServerId, req.TlsJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -277,17 +247,8 @@ func (this *ServerService) UpdateServerUnix(ctx context.Context, req *pb.UpdateS
 		return nil, errors.New("invalid serverId")
 	}
 
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
-	if err != nil {
-		return nil, err
-	}
-	if server == nil {
-		return nil, errors.New("can not find server")
-	}
-
 	// 修改配置
-	err = models.SharedServerDAO.UpdateServerUnix(req.ServerId, req.Config)
+	err = models.SharedServerDAO.UpdateServerUnix(req.ServerId, req.UnixJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -307,17 +268,8 @@ func (this *ServerService) UpdateServerUDP(ctx context.Context, req *pb.UpdateSe
 		return nil, errors.New("invalid serverId")
 	}
 
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
-	if err != nil {
-		return nil, err
-	}
-	if server == nil {
-		return nil, errors.New("can not find server")
-	}
-
 	// 修改配置
-	err = models.SharedServerDAO.UpdateServerUDP(req.ServerId, req.Config)
+	err = models.SharedServerDAO.UpdateServerUDP(req.ServerId, req.UdpJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -334,20 +286,10 @@ func (this *ServerService) UpdateServerWeb(ctx context.Context, req *pb.UpdateSe
 	}
 
 	if userId > 0 {
-		// TODO 检查权限
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
-	}
-
-	if req.ServerId <= 0 {
-		return nil, errors.New("invalid serverId")
-	}
-
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
 		if err != nil {
 			return nil, err
 		}
-	if server == nil {
-		return nil, errors.New("can not find server")
 	}
 
 	// 修改配置
@@ -362,22 +304,16 @@ func (this *ServerService) UpdateServerWeb(ctx context.Context, req *pb.UpdateSe
 // 修改反向代理服务
 func (this *ServerService) UpdateServerReverseProxy(ctx context.Context, req *pb.UpdateServerReverseProxyRequest) (*pb.RPCSuccess, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
-	if req.ServerId <= 0 {
+	if userId > 0 {
-		return nil, errors.New("invalid serverId")
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
-	}
-
-	// 查询老的节点信息
-	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
 		if err != nil {
 			return nil, err
 		}
-	if server == nil {
-		return nil, errors.New("can not find server")
 	}
 
 	// 修改配置
@@ -658,11 +594,19 @@ func (this *ServerService) DeleteServer(ctx context.Context, req *pb.DeleteServe
 // 查找单个服务
 func (this *ServerService) FindEnabledServer(ctx context.Context, req *pb.FindEnabledServerRequest) (*pb.FindEnabledServerResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	// 检查权限
+	if userId > 0 {
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	server, err := models.SharedServerDAO.FindEnabledServer(req.ServerId)
 	if err != nil {
 		return nil, err
@@ -730,14 +674,53 @@ func (this *ServerService) FindEnabledServer(ctx context.Context, req *pb.FindEn
 	}}, nil
 }
 
-//
+// 查找服务配置
-func (this *ServerService) FindEnabledServerType(ctx context.Context, req *pb.FindEnabledServerTypeRequest) (*pb.FindEnabledServerTypeResponse, error) {
+func (this *ServerService) FindEnabledServerConfig(ctx context.Context, req *pb.FindEnabledServerConfigRequest) (*pb.FindEnabledServerConfigResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	// 检查权限
+	if userId > 0 {
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	config, err := models.SharedServerDAO.ComposeServerConfig(req.ServerId)
+	if err != nil {
+		return nil, err
+	}
+	if config == nil {
+		return &pb.FindEnabledServerConfigResponse{ServerJSON: nil}, nil
+	}
+
+	configJSON, err := json.Marshal(config)
+	if err != nil {
+		return nil, err
+	}
+	return &pb.FindEnabledServerConfigResponse{ServerJSON: configJSON}, nil
+}
+
+// 查找服务的服务类型
+func (this *ServerService) FindEnabledServerType(ctx context.Context, req *pb.FindEnabledServerTypeRequest) (*pb.FindEnabledServerTypeResponse, error) {
+	// 校验请求
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	// 检查权限
+	if userId > 0 {
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	serverType, err := models.SharedServerDAO.FindEnabledServerType(req.ServerId)
 	if err != nil {
 		return nil, err
@@ -800,11 +783,18 @@ func (this *ServerService) FindAndInitServerReverseProxyConfig(ctx context.Conte
 // 初始化Web设置
 func (this *ServerService) FindAndInitServerWebConfig(ctx context.Context, req *pb.FindAndInitServerWebConfigRequest) (*pb.FindAndInitServerWebConfigResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		err = models.SharedServerDAO.CheckUserServer(req.ServerId, userId)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	webId, err := models.SharedServerDAO.FindServerWebId(req.ServerId)
 	if err != nil {
 		return nil, err
@@ -837,10 +827,7 @@ func (this *ServerService) CountAllEnabledServersWithSSLCertId(ctx context.Conte
 		return nil, err
 	}
 	if userId > 0 {
-		err = models.SharedSSLCertDAO.CheckUserCert(req.SslCertId, userId)
+		// TODO 校验权限
-		if err != nil {
-			return nil, err
-		}
 	}
 
 	policyIds, err := models.SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(req.SslCertId)
@@ -863,11 +850,15 @@ func (this *ServerService) CountAllEnabledServersWithSSLCertId(ctx context.Conte
 // 查找使用某个SSL证书的所有服务
 func (this *ServerService) FindAllEnabledServersWithSSLCertId(ctx context.Context, req *pb.FindAllEnabledServersWithSSLCertIdRequest) (*pb.FindAllEnabledServersWithSSLCertIdResponse, error) {
 	// 校验请求
-	_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
+	_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		// TODO 校验权限
+	}
+
 	policyIds, err := models.SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(req.SslCertId)
 	if err != nil {
 		return nil, err