优化访问控制，将“认证”两字改为“鉴权”

internal/web/actions/default/servers/server/settings/access/createPopup.go

@@ -1,13 +1,16 @@
 // Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+//go:build !plus
 
 package access
 
 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"strings"
 )
 
 type CreatePopupAction struct {
@@ -37,6 +40,9 @@ func (this *CreatePopupAction) RunPost(params struct {
 	SubRequestMethod        string
 	SubRequestFollowRequest bool
 
+	Exts        []string
+	DomainsJSON []byte
+
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
@@ -44,14 +50,42 @@ func (this *CreatePopupAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入名称").
 		Field("type", params.Type).
-		Require("请输入认证类型")
+		Require("请输入鉴权类型")
 
 	var ref = &serverconfigs.HTTPAuthPolicyRef{IsOn: true}
-	var paramsJSON []byte
+
+	// 扩展名
+	var exts = utils.NewStringsStream(params.Exts).
+		Map(strings.TrimSpace, strings.ToLower).
+		Filter(utils.FilterNotEmpty).
+		Map(utils.MapAddPrefixFunc(".")).
+		Unique().
+		Result()
+
+	// 域名
+	var domains = []string{}
+	if len(params.DomainsJSON) > 0 {
+		var rawDomains = []string{}
+		err := json.Unmarshal(params.DomainsJSON, &rawDomains)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		// TODO 如果用户填写了一个网址，应该分析域名并填入
+
+		domains = utils.NewStringsStream(rawDomains).
+			Map(strings.TrimSpace, strings.ToLower).
+			Filter(utils.FilterNotEmpty).
+			Unique().
+			Result()
+	}
+
+	var method serverconfigs.HTTPAuthMethodInterface
 
 	switch params.Type {
 	case serverconfigs.HTTPAuthTypeBasicAuth:
-		users := []*serverconfigs.HTTPAuthBasicMethodUser{}
+		var users = []*serverconfigs.HTTPAuthBasicMethodUser{}
 		err := json.Unmarshal(params.HttpAuthBasicAuthUsersJSON, &users)
 		if err != nil {
 			this.ErrorPage(err)
@@ -60,40 +94,39 @@ func (this *CreatePopupAction) RunPost(params struct {
 		if len(users) == 0 {
 			this.Fail("请添加至少一个用户")
 		}
-		method := &serverconfigs.HTTPAuthBasicMethod{
+		method = &serverconfigs.HTTPAuthBasicMethod{
 			Users:   users,
 			Realm:   params.BasicAuthRealm,
 			Charset: params.BasicAuthCharset,
 		}
-		methodJSON, err := json.Marshal(method)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-
-		paramsJSON = methodJSON
 	case serverconfigs.HTTPAuthTypeSubRequest:
 		params.Must.Field("subRequestURL", params.SubRequestURL).
 			Require("请输入子请求URL")
 		if params.SubRequestFollowRequest {
 			params.SubRequestMethod = ""
 		}
-		method := &serverconfigs.HTTPAuthSubRequestMethod{
+		method = &serverconfigs.HTTPAuthSubRequestMethod{
 			URL:    params.SubRequestURL,
 			Method: params.SubRequestMethod,
 		}
-		methodJSON, err := json.Marshal(method)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		paramsJSON = methodJSON
 	default:
-		this.Fail("不支持的认证类型'" + params.Type + "'")
+		this.Fail("不支持的鉴权类型'" + params.Type + "'")
+	}
+
+	if method == nil {
+		this.Fail("无法找到对应的鉴权方式")
+	}
+	method.SetExts(exts)
+	method.SetDomains(domains)
+
+	paramsJSON, err := json.Marshal(method)
+	if err != nil {
+		this.ErrorPage(err)
+		return
 	}
 
 	var paramsMap map[string]interface{}
-	err := json.Unmarshal(paramsJSON, &paramsMap)
+	err = json.Unmarshal(paramsJSON, &paramsMap)
 	if err != nil {
 		this.ErrorPage(err)
 		return
@@ -108,7 +141,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	defer this.CreateLogInfo("创建HTTP认证 %d", createResp.HttpAuthPolicyId)
+	defer this.CreateLogInfo("创建HTTP鉴权 %d", createResp.HttpAuthPolicyId)
 	ref.AuthPolicyId = createResp.HttpAuthPolicyId
 	ref.AuthPolicy = &serverconfigs.HTTPAuthPolicy{
 		Id:     createResp.HttpAuthPolicyId,

internal/web/actions/default/servers/server/settings/access/index.go

@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
 )
 
 type IndexAction struct {
@@ -28,6 +29,26 @@ func (this *IndexAction) RunGet(params struct {
 	}
 
 	this.Data["webId"] = webConfig.Id
+
+	// 移除不存在的鉴权方法
+	var allTypes = []string{}
+	for _, def := range serverconfigs.FindAllHTTPAuthTypes() {
+		allTypes = append(allTypes, def.Code)
+	}
+
+	var refs = webConfig.Auth.PolicyRefs
+	var realRefs = []*serverconfigs.HTTPAuthPolicyRef{}
+	for _, ref := range refs {
+		if ref.AuthPolicy == nil {
+			continue
+		}
+		if !lists.ContainsString(allTypes, ref.AuthPolicy.Type) {
+			continue
+		}
+		realRefs = append(realRefs, ref)
+	}
+	webConfig.Auth.PolicyRefs = realRefs
+
 	this.Data["authConfig"] = webConfig.Auth
 
 	this.Show()
@@ -40,7 +61,7 @@ func (this *IndexAction) RunPost(params struct {
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
-	defer this.CreateLogInfo("修改Web %d 的认证设置", params.WebId)
+	defer this.CreateLogInfo("修改Web %d 的鉴权设置", params.WebId)
 
 	var authConfig = &serverconfigs.HTTPAuthConfig{}
 	err := json.Unmarshal(params.AuthJSON, authConfig)
@@ -53,7 +74,7 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("配置校验失败：" + err.Error())
 	}
 
-	// 保存之前删除多于的配置信息
+	// 保存之前删除多余的配置信息
 	for _, ref := range authConfig.PolicyRefs {
 		ref.AuthPolicy = nil
 	}

internal/web/actions/default/servers/server/settings/access/init.go

@@ -16,6 +16,7 @@ func init() {
 			GetPost("", new(IndexAction)).
 			GetPost("/createPopup", new(CreatePopupAction)).
 			GetPost("/updatePopup", new(UpdatePopupAction)).
+			Post("/random", new(RandomAction)).
 			EndAll()
 	})
 }

internal/web/actions/default/servers/server/settings/access/random.go

@@ -0,0 +1,18 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package access
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/iwind/TeaGo/rands"
+)
+
+type RandomAction struct {
+	actionutils.ParentAction
+}
+
+func (this *RandomAction) RunPost(params struct{}) {
+	this.Data["random"] = rands.HexString(32)
+
+	this.Success()
+}

internal/web/actions/default/servers/server/settings/access/updatePopup.go

@@ -1,14 +1,17 @@
 // Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+//go:build !plus
 
 package access
 
 import (
 	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"strings"
 )
 
 type UpdatePopupAction struct {
@@ -70,17 +73,20 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	SubRequestMethod        string
 	SubRequestFollowRequest bool
 
+	Exts        []string
+	DomainsJSON []byte
+
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
-	defer this.CreateLogInfo("修改HTTP认证 %d", params.PolicyId)
+	defer this.CreateLogInfo("修改HTTP鉴权 %d", params.PolicyId)
 
 	policyResp, err := this.RPC().HTTPAuthPolicyRPC().FindEnabledHTTPAuthPolicy(this.AdminContext(), &pb.FindEnabledHTTPAuthPolicyRequest{HttpAuthPolicyId: params.PolicyId})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	policy := policyResp.HttpAuthPolicy
+	var policy = policyResp.HttpAuthPolicy
 	if policy == nil {
 		this.NotFound("httpAuthPolicy", params.PolicyId)
 		return
@@ -91,12 +97,40 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入名称")
 
+	// 扩展名
+	var exts = utils.NewStringsStream(params.Exts).
+		Map(strings.TrimSpace, strings.ToLower).
+		Filter(utils.FilterNotEmpty).
+		Map(utils.MapAddPrefixFunc(".")).
+		Unique().
+		Result()
+
+	// 域名
+	var domains = []string{}
+	if len(params.DomainsJSON) > 0 {
+		var rawDomains = []string{}
+		err := json.Unmarshal(params.DomainsJSON, &rawDomains)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		// TODO 如果用户填写了一个网址，应该分析域名并填入
+
+		domains = utils.NewStringsStream(rawDomains).
+			Map(strings.TrimSpace, strings.ToLower).
+			Filter(utils.FilterNotEmpty).
+			Unique().
+			Result()
+	}
+
 	var ref = &serverconfigs.HTTPAuthPolicyRef{IsOn: true}
-	var paramsJSON []byte
+
+	var method serverconfigs.HTTPAuthMethodInterface
 
 	switch policyType {
 	case serverconfigs.HTTPAuthTypeBasicAuth:
-		users := []*serverconfigs.HTTPAuthBasicMethodUser{}
+		var users = []*serverconfigs.HTTPAuthBasicMethodUser{}
 		err := json.Unmarshal(params.HttpAuthBasicAuthUsersJSON, &users)
 		if err != nil {
 			this.ErrorPage(err)
@@ -105,36 +139,35 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		if len(users) == 0 {
 			this.Fail("请添加至少一个用户")
 		}
-		method := &serverconfigs.HTTPAuthBasicMethod{
+		method = &serverconfigs.HTTPAuthBasicMethod{
 			Users:   users,
 			Realm:   params.BasicAuthRealm,
 			Charset: params.BasicAuthCharset,
 		}
-		methodJSON, err := json.Marshal(method)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-
-		paramsJSON = methodJSON
 	case serverconfigs.HTTPAuthTypeSubRequest:
 		params.Must.Field("subRequestURL", params.SubRequestURL).
 			Require("请输入子请求URL")
 		if params.SubRequestFollowRequest {
 			params.SubRequestMethod = ""
 		}
-		method := &serverconfigs.HTTPAuthSubRequestMethod{
+		method = &serverconfigs.HTTPAuthSubRequestMethod{
 			URL:    params.SubRequestURL,
 			Method: params.SubRequestMethod,
 		}
-		methodJSON, err := json.Marshal(method)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		paramsJSON = methodJSON
 	default:
-		this.Fail("不支持的认证类型'" + policyType + "'")
+		this.Fail("不支持的鉴权类型'" + policyType + "'")
+	}
+
+	if method == nil {
+		this.Fail("无法找到对应的鉴权方式")
+	}
+	method.SetExts(exts)
+	method.SetDomains(domains)
+
+	paramsJSON, err := json.Marshal(method)
+	if err != nil {
+		this.ErrorPage(err)
+		return
 	}
 
 	var paramsMap map[string]interface{}