访问控制支持基本认证和子请求认证

2025-12-10 16:30:24 +08:00 · 2021-06-19 21:35:38 +08:00
parent 68538170ed
commit 75c18751dd
17 changed files with 728 additions and 34 deletions
--- a/internal/web/actions/default/servers/server/settings/access/createPopup.go
+++ b/internal/web/actions/default/servers/server/settings/access/createPopup.go
@@ -3,7 +3,10 @@
 package access

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
 )

@@ -16,12 +19,105 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct{}) {
+	this.Data["authTypes"] = serverconfigs.FindAllHTTPAuthTypes()
 	this.Show()
 }

 func (this *CreatePopupAction) RunPost(params struct {
+	Name string
+	Type string
+
+	// BasicAuth
+	HttpAuthBasicAuthUsersJSON []byte
+	BasicAuthRealm             string
+	BasicAuthCharset           string
+
+	// SubRequest
+	SubRequestURL           string
+	SubRequestMethod        string
+	SubRequestFollowRequest bool
+
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入名称").
+		Field("type", params.Type).
+		Require("请输入认证类型")

+	var ref = &serverconfigs.HTTPAuthPolicyRef{IsOn: true}
+	var paramsJSON []byte
+
+	switch params.Type {
+	case serverconfigs.HTTPAuthTypeBasicAuth:
+		users := []*serverconfigs.HTTPAuthBasicMethodUser{}
+		err := json.Unmarshal(params.HttpAuthBasicAuthUsersJSON, &users)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		if len(users) == 0 {
+			this.Fail("请添加至少一个用户")
+		}
+		method := &serverconfigs.HTTPAuthBasicMethod{
+			Users:   users,
+			Realm:   params.BasicAuthRealm,
+			Charset: params.BasicAuthCharset,
+		}
+		methodJSON, err := json.Marshal(method)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		paramsJSON = methodJSON
+	case serverconfigs.HTTPAuthTypeSubRequest:
+		params.Must.Field("subRequestURL", params.SubRequestURL).
+			Require("请输入子请求URL")
+		if params.SubRequestFollowRequest {
+			params.SubRequestMethod = ""
+		}
+		method := &serverconfigs.HTTPAuthSubRequestMethod{
+			URL:    params.SubRequestURL,
+			Method: params.SubRequestMethod,
+		}
+		methodJSON, err := json.Marshal(method)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		paramsJSON = methodJSON
+	default:
+		this.Fail("不支持的认证类型'" + params.Type + "'")
+	}
+
+	var paramsMap map[string]interface{}
+	err := json.Unmarshal(paramsJSON, &paramsMap)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	createResp, err := this.RPC().HTTPAuthPolicyRPC().CreateHTTPAuthPolicy(this.AdminContext(), &pb.CreateHTTPAuthPolicyRequest{
+		Name:       params.Name,
+		Type:       params.Type,
+		ParamsJSON: paramsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	defer this.CreateLogInfo("创建HTTP认证 %d", createResp.HttpAuthPolicyId)
+	ref.AuthPolicyId = createResp.HttpAuthPolicyId
+	ref.AuthPolicy = &serverconfigs.HTTPAuthPolicy{
+		Id:     createResp.HttpAuthPolicyId,
+		Name:   params.Name,
+		IsOn:   true,
+		Type:   params.Type,
+		Params: paramsMap,
+	}
+
+	this.Data["policyRef"] = ref
+	this.Success()
 }