兼容用户节点

internal/db/models/http_web_dao.go

@@ -315,10 +315,14 @@ func (this *HTTPWebDAO) ComposeWebConfig(webId int64) (*serverconfigs.HTTPWebCon
 }
 
 // 创建Web配置
-func (this *HTTPWebDAO) CreateWeb(rootJSON []byte) (int64, error) {
+func (this *HTTPWebDAO) CreateWeb(adminId int64, userId int64, rootJSON []byte) (int64, error) {
 	op := NewHTTPWebOperator()
 	op.State = HTTPWebStateEnabled
-	op.Root = JSONBytes(rootJSON)
+	op.AdminId = adminId
+	op.UserId = userId
+	if len(rootJSON) > 0 {
+		op.Root = JSONBytes(rootJSON)
+	}
 	err := this.Save(op)
 	if err != nil {
 		return 0, err

internal/db/models/origin_dao.go

@@ -91,8 +91,10 @@ func (this *OriginDAO) FindOriginName(id int64) (string, error) {
 }
 
 // 创建源站
-func (this *OriginDAO) CreateOrigin(name string, addrJSON string, description string, weight int32, isOn bool) (originId int64, err error) {
+func (this *OriginDAO) CreateOrigin(adminId int64, userId int64, name string, addrJSON string, description string, weight int32, isOn bool) (originId int64, err error) {
 	op := NewOriginOperator()
+	op.AdminId = adminId
+	op.UserId = userId
 	op.IsOn = isOn
 	op.Name = name
 	op.Addr = addrJSON

internal/db/models/reverse_proxy_dao.go

@@ -151,10 +151,13 @@ func (this *ReverseProxyDAO) ComposeReverseProxyConfig(reverseProxyId int64) (*s
 }
 
 // 创建反向代理
-func (this *ReverseProxyDAO) CreateReverseProxy(schedulingJSON []byte, primaryOriginsJSON []byte, backupOriginsJSON []byte) (int64, error) {
+func (this *ReverseProxyDAO) CreateReverseProxy(adminId int64, userId int64, schedulingJSON []byte, primaryOriginsJSON []byte, backupOriginsJSON []byte) (int64, error) {
 	op := NewReverseProxyOperator()
 	op.IsOn = true
 	op.State = ReverseProxyStateEnabled
+	op.AdminId = adminId
+	op.UserId = userId
+
 	if len(schedulingJSON) > 0 {
 		op.Scheduling = string(schedulingJSON)
 	}

internal/db/models/server_dao.go

@@ -392,7 +392,12 @@ func (this *ServerDAO) InitServerWeb(serverId int64) (int64, error) {
 		return 0, errors.New("serverId should not be smaller than 0")
 	}
 
-	webId, err := SharedHTTPWebDAO.CreateWeb(nil)
+	adminId, userId, err := this.FindServerAdminIdAndUserId(serverId)
+	if err != nil {
+		return 0, err
+	}
+
+	webId, err := SharedHTTPWebDAO.CreateWeb(adminId, userId, nil)
 	if err != nil {
 		return 0, err
 	}
@@ -475,14 +480,14 @@ func (this *ServerDAO) CountAllEnabledServersMatch(groupId int64, keyword string
 		query.Where("(name LIKE :keyword OR serverNames LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
 	}
-	if userId > 0{
+	if userId > 0 {
 		query.Attr("userId", userId)
 	}
 	return query.Count()
 }
 
 // 列出单页的服务
-func (this *ServerDAO) ListEnabledServersMatch(offset int64, size int64, groupId int64, keyword string) (result []*Server, err error) {
+func (this *ServerDAO) ListEnabledServersMatch(offset int64, size int64, groupId int64, keyword string, userId int64) (result []*Server, err error) {
 	query := this.Query().
 		State(ServerStateEnabled).
 		Offset(offset).
@@ -498,6 +503,9 @@ func (this *ServerDAO) ListEnabledServersMatch(offset int64, size int64, groupId
 		query.Where("(name LIKE :keyword OR serverNames LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
 	}
+	if userId > 0 {
+		query.Attr("userId", userId)
+	}
 
 	_, err = query.FindAll()
 	return
@@ -914,6 +922,21 @@ func (this *ServerDAO) FindServerDNSName(serverId int64) (string, error) {
 		FindStringCol("")
 }
 
+// 获取当前服务的管理员ID和用户ID
+func (this *ServerDAO) FindServerAdminIdAndUserId(serverId int64) (adminId int64, userId int64, err error) {
+	one, err := this.Query().
+		Pk(serverId).
+		Result("adminId", "userId").
+		Find()
+	if err != nil {
+		return 0, 0, err
+	}
+	if one == nil {
+		return 0, 0, nil
+	}
+	return int64(one.(*Server).AdminId), int64(one.(*Server).UserId), nil
+}
+
 // 生成DNS Name
 func (this *ServerDAO) genDNSName() (string, error) {
 	for {

internal/db/models/ssl_cert_dao.go

@@ -210,7 +210,7 @@ func (this *SSLCertDAO) ComposeCertConfig(certId int64) (*sslconfigs.SSLCertConf
 }
 
 // 计算符合条件的证书数量
-func (this *SSLCertDAO) CountCerts(isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string) (int64, error) {
+func (this *SSLCertDAO) CountCerts(isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string, userId int64) (int64, error) {
 	query := this.Query().
 		State(SSLCertStateEnabled)
 	if isCA {
@@ -230,11 +230,17 @@ func (this *SSLCertDAO) CountCerts(isCA bool, isAvailable bool, isExpired bool,
 		query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
 	}
+	if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		// 只查询管理员上传的
+		query.Attr("userId", 0)
+	}
 	return query.Count()
 }
 
 // 列出符合条件的证书
-func (this *SSLCertDAO) ListCertIds(isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string, offset int64, size int64) (certIds []int64, err error) {
+func (this *SSLCertDAO) ListCertIds(isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string, userId int64, offset int64, size int64) (certIds []int64, err error) {
 	query := this.Query().
 		State(SSLCertStateEnabled)
 	if isCA {
@@ -254,6 +260,12 @@ func (this *SSLCertDAO) ListCertIds(isCA bool, isAvailable bool, isExpired bool,
 		query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword)").
 			Param("keyword", "%"+keyword+"%")
 	}
+	if userId > 0 {
+		query.Attr("userId", userId)
+	} else {
+		// 只查询管理员上传的
+		query.Attr("userId", 0)
+	}
 
 	ones, err := query.
 		ResultPk().
@@ -313,3 +325,22 @@ func (this *SSLCertDAO) UpdateCertNotifiedAt(certId int64) error {
 		Update()
 	return err
 }
+
+// 检查用户权限
+func (this *SSLCertDAO) CheckUserCert(certId int64, userId int64) error {
+	if certId <= 0 || userId <= 0 {
+		return errors.New("not found")
+	}
+	ok, err := this.Query().
+		Pk(certId).
+		Attr("userId", userId).
+		State(SSLCertStateEnabled).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if !ok {
+		return errors.New("not found")
+	}
+	return nil
+}

internal/db/models/ssl_policy_dao.go

@@ -187,10 +187,13 @@ func (this *SSLPolicyDAO) FindAllEnabledPolicyIdsWithCertId(certId int64) (polic
 }
 
 // 创建Policy
-func (this *SSLPolicyDAO) CreatePolicy(http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
+func (this *SSLPolicyDAO) CreatePolicy(adminId int64, userId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
 	op := NewSSLPolicyOperator()
 	op.State = SSLPolicyStateEnabled
 	op.IsOn = true
+	op.AdminId = adminId
+	op.UserId = userId
+
 	op.Http2Enabled = http2Enabled
 	op.MinVersion = minVersion
 
@@ -258,3 +261,22 @@ func (this *SSLPolicyDAO) UpdatePolicy(policyId int64, http2Enabled bool, minVer
 	err := this.Save(op)
 	return err
 }
+
+// 检查是否为用户所属策略
+func (this *SSLPolicyDAO) CheckUserPolicy(policyId int64, userId int64) error {
+	if policyId <= 0 || userId <= 0 {
+		return errors.New("not found")
+	}
+	ok, err := this.Query().
+		State(SSLPolicyStateEnabled).
+		Pk(policyId).
+		Attr("userId", userId).
+		Exist()
+	if err != nil {
+		return err
+	}
+	if !ok {
+		return errors.New("not found")
+	}
+	return nil
+}

internal/db/models/user_dao.go

@@ -221,3 +221,11 @@ func (this *UserDAO) CheckUserPassword(username string, encryptedPassword string
 		ResultPk().
 		FindInt64Col(0)
 }
+
+// 查找用户所在集群
+func (this *UserDAO) FindUserClusterId(userId int64) (int64, error) {
+	return this.Query().
+		Pk(userId).
+		Result("clusterId").
+		FindInt64Col(0)
+}