mirror of
https://github.com/TeaOSLab/EdgeAPI.git
synced 2025-11-05 01:20:25 +08:00
423 lines
11 KiB
Go
423 lines
11 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
|
"github.com/TeaOSLab/EdgeAPI/internal/errors"
|
|
rpcutils "github.com/TeaOSLab/EdgeAPI/internal/rpc/utils"
|
|
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
|
|
)
|
|
|
|
type AdminService struct {
|
|
BaseService
|
|
|
|
debug bool
|
|
}
|
|
|
|
// 登录
|
|
func (this *AdminService) LoginAdmin(ctx context.Context, req *pb.LoginAdminRequest) (*pb.LoginAdminResponse, error) {
|
|
_, _, err := rpcutils.ValidateRequest(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(req.Username) == 0 || len(req.Password) == 0 {
|
|
return &pb.LoginAdminResponse{
|
|
AdminId: 0,
|
|
IsOk: false,
|
|
Message: "请输入正确的用户名密码",
|
|
}, nil
|
|
}
|
|
|
|
adminId, err := models.SharedAdminDAO.CheckAdminPassword(req.Username, req.Password)
|
|
if err != nil {
|
|
utils.PrintError(err)
|
|
return nil, err
|
|
}
|
|
|
|
if adminId <= 0 {
|
|
return &pb.LoginAdminResponse{
|
|
AdminId: 0,
|
|
IsOk: false,
|
|
Message: "请输入正确的用户名密码",
|
|
}, nil
|
|
}
|
|
|
|
return &pb.LoginAdminResponse{
|
|
AdminId: adminId,
|
|
IsOk: true,
|
|
}, nil
|
|
}
|
|
|
|
// 检查管理员是否存在
|
|
func (this *AdminService) CheckAdminExists(ctx context.Context, req *pb.CheckAdminExistsRequest) (*pb.CheckAdminExistsResponse, error) {
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if req.AdminId <= 0 {
|
|
return &pb.CheckAdminExistsResponse{
|
|
IsOk: false,
|
|
}, nil
|
|
}
|
|
|
|
ok, err := models.SharedAdminDAO.ExistEnabledAdmin(req.AdminId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &pb.CheckAdminExistsResponse{
|
|
IsOk: ok,
|
|
}, nil
|
|
}
|
|
|
|
// 检查用户名是否存在
|
|
func (this *AdminService) CheckAdminUsername(ctx context.Context, req *pb.CheckAdminUsernameRequest) (*pb.CheckAdminUsernameResponse, error) {
|
|
// 校验请求
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
exists, err := models.SharedAdminDAO.CheckAdminUsername(req.AdminId, req.Username)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &pb.CheckAdminUsernameResponse{Exists: exists}, nil
|
|
}
|
|
|
|
// 获取管理员名称
|
|
func (this *AdminService) FindAdminFullname(ctx context.Context, req *pb.FindAdminFullnameRequest) (*pb.FindAdminFullnameResponse, error) {
|
|
// 校验请求
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
fullname, err := models.SharedAdminDAO.FindAdminFullname(req.AdminId)
|
|
if err != nil {
|
|
utils.PrintError(err)
|
|
return nil, err
|
|
}
|
|
|
|
return &pb.FindAdminFullnameResponse{
|
|
Fullname: fullname,
|
|
}, nil
|
|
}
|
|
|
|
// 获取管理员信息
|
|
func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnabledAdminRequest) (*pb.FindEnabledAdminResponse, error) {
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
admin, err := models.SharedAdminDAO.FindEnabledAdmin(req.AdminId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if admin == nil {
|
|
return &pb.FindEnabledAdminResponse{Admin: nil}, nil
|
|
}
|
|
|
|
pbModules := []*pb.AdminModule{}
|
|
modules := []*systemconfigs.AdminModule{}
|
|
if len(admin.Modules) > 0 && admin.Modules != "null" {
|
|
err = json.Unmarshal([]byte(admin.Modules), &modules)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
for _, module := range modules {
|
|
pbModules = append(pbModules, &pb.AdminModule{
|
|
AllowAll: module.AllowAll,
|
|
Code: module.Code,
|
|
Actions: module.Actions,
|
|
})
|
|
}
|
|
}
|
|
|
|
// OTP认证
|
|
var pbOtpAuth *pb.Login = nil
|
|
{
|
|
adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(int64(admin.Id), models.LoginTypeOTP)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if adminAuth != nil {
|
|
pbOtpAuth = &pb.Login{
|
|
Id: int64(adminAuth.Id),
|
|
Type: adminAuth.Type,
|
|
ParamsJSON: []byte(adminAuth.Params),
|
|
IsOn: adminAuth.IsOn == 1,
|
|
}
|
|
}
|
|
}
|
|
|
|
result := &pb.Admin{
|
|
Id: int64(admin.Id),
|
|
Fullname: admin.Fullname,
|
|
Username: admin.Username,
|
|
IsOn: admin.IsOn == 1,
|
|
IsSuper: admin.IsSuper == 1,
|
|
Modules: pbModules,
|
|
OtpLogin: pbOtpAuth,
|
|
}
|
|
return &pb.FindEnabledAdminResponse{Admin: result}, nil
|
|
}
|
|
|
|
// 创建或修改管理员
|
|
func (this *AdminService) CreateOrUpdateAdmin(ctx context.Context, req *pb.CreateOrUpdateAdminRequest) (*pb.CreateOrUpdateAdminResponse, error) {
|
|
// 校验请求
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeAPI)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
adminId, err := models.SharedAdminDAO.FindAdminIdWithUsername(req.Username)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if adminId > 0 {
|
|
err = models.SharedAdminDAO.UpdateAdminPassword(adminId, req.Password)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &pb.CreateOrUpdateAdminResponse{AdminId: adminId}, nil
|
|
}
|
|
adminId, err = models.SharedAdminDAO.CreateAdmin(req.Username, req.Password, "管理员", true, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &pb.CreateOrUpdateAdminResponse{AdminId: adminId}, nil
|
|
}
|
|
|
|
// 修改管理员信息
|
|
func (this *AdminService) UpdateAdminInfo(ctx context.Context, req *pb.UpdateAdminInfoRequest) (*pb.RPCSuccess, error) {
|
|
// 校验请求
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeAPI)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
err = models.SharedAdminDAO.UpdateAdminInfo(req.AdminId, req.Fullname)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return this.Success()
|
|
}
|
|
|
|
// 修改管理员登录信息
|
|
func (this *AdminService) UpdateAdminLogin(ctx context.Context, req *pb.UpdateAdminLoginRequest) (*pb.RPCSuccess, error) {
|
|
// 校验请求
|
|
_, _, err := rpcutils.ValidateRequest(ctx, rpcutils.UserTypeAdmin, rpcutils.UserTypeAPI)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
exists, err := models.SharedAdminDAO.CheckAdminUsername(req.AdminId, req.Username)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if exists {
|
|
return nil, errors.New("username already been token")
|
|
}
|
|
|
|
err = models.SharedAdminDAO.UpdateAdminLogin(req.AdminId, req.Username, req.Password)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return this.Success()
|
|
}
|
|
|
|
// 获取所有管理员的权限列表
|
|
func (this *AdminService) FindAllAdminModules(ctx context.Context, req *pb.FindAllAdminModulesRequest) (*pb.FindAllAdminModulesResponse, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
admins, err := models.SharedAdminDAO.FindAllAdminModules()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
result := []*pb.AdminModuleList{}
|
|
for _, admin := range admins {
|
|
modules := []*systemconfigs.AdminModule{}
|
|
if len(admin.Modules) > 0 && admin.Modules != "null" {
|
|
err = json.Unmarshal([]byte(admin.Modules), &modules)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
pbModules := []*pb.AdminModule{}
|
|
for _, module := range modules {
|
|
pbModules = append(pbModules, &pb.AdminModule{
|
|
AllowAll: module.AllowAll,
|
|
Code: module.Code,
|
|
Actions: module.Actions,
|
|
})
|
|
}
|
|
|
|
list := &pb.AdminModuleList{
|
|
AdminId: int64(admin.Id),
|
|
IsSuper: admin.IsSuper == 1,
|
|
Fullname: admin.Fullname,
|
|
Modules: pbModules,
|
|
}
|
|
result = append(result, list)
|
|
}
|
|
|
|
return &pb.FindAllAdminModulesResponse{AdminModules: result}, nil
|
|
}
|
|
|
|
// 创建管理员
|
|
func (this *AdminService) CreateAdmin(ctx context.Context, req *pb.CreateAdminRequest) (*pb.CreateAdminResponse, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
adminId, err := models.SharedAdminDAO.CreateAdmin(req.Username, req.Password, req.Fullname, req.IsSuper, req.ModulesJSON)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &pb.CreateAdminResponse{AdminId: adminId}, nil
|
|
}
|
|
|
|
// 修改管理员
|
|
func (this *AdminService) UpdateAdmin(ctx context.Context, req *pb.UpdateAdminRequest) (*pb.RPCSuccess, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
err = models.SharedAdminDAO.UpdateAdmin(req.AdminId, req.Username, req.Password, req.Fullname, req.IsSuper, req.ModulesJSON, req.IsOn)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return this.Success()
|
|
}
|
|
|
|
// 计算管理员数量
|
|
func (this *AdminService) CountAllEnabledAdmins(ctx context.Context, req *pb.CountAllEnabledAdminsRequest) (*pb.RPCCountResponse, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
count, err := models.SharedAdminDAO.CountAllEnabledAdmins()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return this.SuccessCount(count)
|
|
}
|
|
|
|
// 列出单页的管理员
|
|
func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEnabledAdminsRequest) (*pb.ListEnabledAdminsResponse, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
admins, err := models.SharedAdminDAO.ListEnabledAdmins(req.Offset, req.Size)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
result := []*pb.Admin{}
|
|
for _, admin := range admins {
|
|
var pbOtpAuth *pb.Login = nil
|
|
{
|
|
adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(int64(admin.Id), models.LoginTypeOTP)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if adminAuth != nil {
|
|
pbOtpAuth = &pb.Login{
|
|
Id: int64(adminAuth.Id),
|
|
Type: adminAuth.Type,
|
|
ParamsJSON: []byte(adminAuth.Params),
|
|
IsOn: adminAuth.IsOn == 1,
|
|
}
|
|
}
|
|
}
|
|
|
|
result = append(result, &pb.Admin{
|
|
Id: int64(admin.Id),
|
|
Fullname: admin.Fullname,
|
|
Username: admin.Username,
|
|
IsOn: admin.IsOn == 1,
|
|
IsSuper: admin.IsSuper == 1,
|
|
CreatedAt: int64(admin.CreatedAt),
|
|
OtpLogin: pbOtpAuth,
|
|
})
|
|
}
|
|
|
|
return &pb.ListEnabledAdminsResponse{Admins: result}, nil
|
|
}
|
|
|
|
// 删除管理员
|
|
func (this *AdminService) DeleteAdmin(ctx context.Context, req *pb.DeleteAdminRequest) (*pb.RPCSuccess, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// TODO 检查权限
|
|
|
|
// TODO 超级管理员用户是不能删除的,或者要至少留一个超级管理员用户
|
|
|
|
_, err = models.SharedAdminDAO.DisableAdmin(req.AdminId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return this.Success()
|
|
}
|
|
|
|
// 检查是否需要输入OTP
|
|
func (this *AdminService) CheckAdminOTPWithUsername(ctx context.Context, req *pb.CheckAdminOTPWithUsernameRequest) (*pb.CheckAdminOTPWithUsernameResponse, error) {
|
|
_, err := this.ValidateAdmin(ctx, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(req.Username) == 0 {
|
|
return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: false}, nil
|
|
}
|
|
|
|
adminId, err := models.SharedAdminDAO.FindAdminIdWithUsername(req.Username)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if adminId <= 0 {
|
|
return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: false}, nil
|
|
}
|
|
|
|
otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(adminId, "otp")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: otpIsOn}, nil
|
|
}
|