feat: 项目与资源强校验&更新静态文件

server/devops/api/db.go

@@ -21,8 +21,9 @@ import (
 )
 
 type Db struct {
-	DbApp  application.Db
-	MsgApp sysApplication.Msg
+	DbApp      application.Db
+	MsgApp     sysApplication.Msg
+	ProjectApp application.Project
 }
 
 // @router /api/dbs [get]
@@ -71,6 +72,10 @@ func (d *Db) GetCreateTableDdl(rc *ctx.ReqCtx) {
 // @router /api/db/:dbId/exec-sql [get]
 func (d *Db) ExecSql(rc *ctx.ReqCtx) {
 	g := rc.GinCtx
+
+	dbInstance := d.DbApp.GetDbInstance(GetDbId(g))
+	biz.IsTrue(d.ProjectApp.CanAccess(rc.LoginAccount.Id, dbInstance.ProjectId), "您无权操作该资源")
+
 	// 去除前后空格及换行符
 	sql := strings.TrimFunc(g.Query("sql"), func(r rune) bool {
 		s := string(r)
@@ -80,14 +85,14 @@ func (d *Db) ExecSql(rc *ctx.ReqCtx) {
 
 	biz.NotEmpty(sql, "sql不能为空")
 	if strings.HasPrefix(sql, "SELECT") || strings.HasPrefix(sql, "select") {
-		colNames, res, err := d.DbApp.GetDbInstance(GetDbId(g)).SelectData(sql)
+		colNames, res, err := dbInstance.SelectData(sql)
 		biz.ErrIsNilAppendErr(err, "查询失败: %s")
 		colAndRes := make(map[string]interface{})
 		colAndRes["colNames"] = colNames
 		colAndRes["res"] = res
 		rc.ResData = colAndRes
 	} else {
-		rowsAffected, err := d.DbApp.GetDbInstance(GetDbId(g)).Exec(sql)
+		rowsAffected, err := dbInstance.Exec(sql)
 		biz.ErrIsNilAppendErr(err, "执行失败: %s")
 		res := make([]map[string]string, 0)
 		resData := make(map[string]string)
@@ -131,6 +136,8 @@ func (d *Db) ExecSqlFile(rc *ctx.ReqCtx) {
 			}
 		}()
 
+		biz.IsTrue(d.ProjectApp.CanAccess(rc.LoginAccount.Id, db.ProjectId), "您无权操作该资源")
+
 		for _, sql := range sqls {
 			sql = strings.Trim(sql, " ")
 			if sql == "" || sql == "\n" {
@@ -148,7 +155,9 @@ func (d *Db) ExecSqlFile(rc *ctx.ReqCtx) {
 
 // @router /api/db/:dbId/t-metadata [get]
 func (d *Db) TableMA(rc *ctx.ReqCtx) {
-	rc.ResData = d.DbApp.GetDbInstance(GetDbId(rc.GinCtx)).GetTableMetedatas()
+	dbi := d.DbApp.GetDbInstance(GetDbId(rc.GinCtx))
+	biz.IsTrue(d.ProjectApp.CanAccess(rc.LoginAccount.Id, dbi.ProjectId), "您无权操作该资源")
+	rc.ResData = dbi.GetTableMetedatas()
 }
 
 // @router /api/db/:dbId/c-metadata [get]
@@ -156,12 +165,16 @@ func (d *Db) ColumnMA(rc *ctx.ReqCtx) {
 	g := rc.GinCtx
 	tn := g.Query("tableName")
 	biz.NotEmpty(tn, "tableName不能为空")
-	rc.ResData = d.DbApp.GetDbInstance(GetDbId(rc.GinCtx)).GetColumnMetadatas(tn)
+
+	dbi := d.DbApp.GetDbInstance(GetDbId(rc.GinCtx))
+	biz.IsTrue(d.ProjectApp.CanAccess(rc.LoginAccount.Id, dbi.ProjectId), "您无权操作该资源")
+	rc.ResData = dbi.GetColumnMetadatas(tn)
 }
 
 // @router /api/db/:dbId/hint-tables [get]
 func (d *Db) HintTables(rc *ctx.ReqCtx) {
 	dbi := d.DbApp.GetDbInstance(GetDbId(rc.GinCtx))
+	biz.IsTrue(d.ProjectApp.CanAccess(rc.LoginAccount.Id, dbi.ProjectId), "您无权操作该资源")
 	// 获取所有表
 	tables := dbi.GetTableMetedatas()
 

server/devops/api/machine.go

@@ -21,6 +21,7 @@ import (
 
 type Machine struct {
 	MachineApp application.Machine
+	ProjectApp application.Project
 }
 
 func (m *Machine) Machines(rc *ctx.ReqCtx) {
@@ -95,7 +96,11 @@ func (m *Machine) GetProcess(rc *ctx.ReqCtx) {
 	}
 
 	cmd += "| head -n " + count
-	res, err := m.MachineApp.GetCli(GetMachineId(rc.GinCtx)).Run(cmd)
+
+	cli := m.MachineApp.GetCli(GetMachineId(rc.GinCtx))
+	biz.IsTrue(m.ProjectApp.CanAccess(rc.LoginAccount.Id, cli.GetMachine().ProjectId), "您无权操作该资源")
+
+	res, err := cli.Run(cmd)
 	biz.ErrIsNilAppendErr(err, "获取进程信息失败: %s")
 	rc.ResData = res
 }
@@ -104,7 +109,11 @@ func (m *Machine) GetProcess(rc *ctx.ReqCtx) {
 func (m *Machine) KillProcess(rc *ctx.ReqCtx) {
 	pid := rc.GinCtx.Query("pid")
 	biz.NotEmpty(pid, "进程id不能为空")
-	_, err := m.MachineApp.GetCli(GetMachineId(rc.GinCtx)).Run("kill -9 " + pid)
+
+	cli := m.MachineApp.GetCli(GetMachineId(rc.GinCtx))
+	biz.IsTrue(m.ProjectApp.CanAccess(rc.LoginAccount.Id, cli.GetMachine().ProjectId), "您无权操作该资源")
+
+	_, err := cli.Run("kill -9 " + pid)
 	biz.ErrIsNilAppendErr(err, "终止进程失败: %s")
 }
 
@@ -125,15 +134,14 @@ func (m *Machine) WsSSH(g *gin.Context) {
 	if err = ctx.PermissionHandler(rc); err != nil {
 		panic(biz.NewBizErr("没有权限"))
 	}
-	// 演示环境禁止非admin用户执行
-	// if rc.LoginAccount.Username != "admin" {
-	// 	panic(biz.NewBizErrCode(401, "非admin用户无权该操作"))
-	// }
 
 	cols := ginx.QueryInt(g, "cols", 80)
 	rows := ginx.QueryInt(g, "rows", 40)
 
-	sws, err := machine.NewLogicSshWsSession(cols, rows, m.MachineApp.GetCli(GetMachineId(g)), wsConn)
+	cli := m.MachineApp.GetCli(GetMachineId(g))
+	biz.IsTrue(m.ProjectApp.CanAccess(rc.LoginAccount.Id, cli.GetMachine().ProjectId), "您无权操作该资源")
+
+	sws, err := machine.NewLogicSshWsSession(cols, rows, cli, wsConn)
 	biz.ErrIsNilAppendErr(err, "连接失败：%s")
 	defer sws.Close()
 

server/devops/api/machine_script.go

@@ -18,6 +18,7 @@ import (
 type MachineScript struct {
 	MachineScriptApp application.MachineScript
 	MachineApp       application.Machine
+	ProjectApp       application.Project
 }
 
 func (m *MachineScript) MachineScripts(rc *ctx.ReqCtx) {
@@ -62,7 +63,10 @@ func (m *MachineScript) RunMachineScript(rc *ctx.ReqCtx) {
 	if params := g.Query("params"); params != "" {
 		script = utils.TemplateParse(ms.Script, utils.Json2Map(params))
 	}
-	res, err := m.MachineApp.GetCli(machineId).Run(script)
+	cli := m.MachineApp.GetCli(machineId)
+	biz.IsTrue(m.ProjectApp.CanAccess(rc.LoginAccount.Id, cli.GetMachine().ProjectId), "您无权操作该资源")
+
+	res, err := cli.Run(script)
 	// 记录请求参数
 	rc.ReqParam = fmt.Sprintf("[machineId: %d, scriptId: %d, name: %s]", machineId, scriptId, ms.Name)
 	if err != nil {

server/devops/api/redis.go

@@ -15,7 +15,8 @@ import (
 )
 
 type Redis struct {
-	RedisApp application.Redis
+	RedisApp   application.Redis
+	ProjectApp application.Project
 }
 
 func (r *Redis) RedisList(rc *ctx.ReqCtx) {
@@ -85,6 +86,8 @@ func (r *Redis) Scan(rc *ctx.ReqCtx) {
 	g := rc.GinCtx
 
 	ri := r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id")))
+	biz.IsTrue(r.ProjectApp.CanAccess(rc.LoginAccount.Id, ri.ProjectId), "您无权操作该资源")
+
 	keys, cursor := ri.Scan(uint64(ginx.PathParamInt(g, "cursor")), g.Query("match"), int64(ginx.PathParamInt(g, "count")))
 
 	var keyInfoSplit []string
@@ -123,6 +126,8 @@ func (r *Redis) DeleteKey(rc *ctx.ReqCtx) {
 	biz.NotEmpty(key, "key不能为空")
 
 	ri := r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id")))
+	biz.IsTrue(r.ProjectApp.CanAccess(rc.LoginAccount.Id, ri.ProjectId), "您无权操作该资源")
+
 	rc.ReqParam = key
 	ri.Cli.Del(key)
 }
@@ -132,7 +137,10 @@ func (r *Redis) checkKey(rc *ctx.ReqCtx) (*application.RedisInstance, string) {
 	key := g.Query("key")
 	biz.NotEmpty(key, "key不能为空")
 
-	return r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id"))), key
+	ri := r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id")))
+	biz.IsTrue(r.ProjectApp.CanAccess(rc.LoginAccount.Id, ri.ProjectId), "您无权操作该资源")
+
+	return ri, key
 }
 
 func (r *Redis) GetStringValue(rc *ctx.ReqCtx) {
@@ -155,6 +163,8 @@ func (r *Redis) SetStringValue(rc *ctx.ReqCtx) {
 	ginx.BindJsonAndValid(g, keyValue)
 
 	ri := r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id")))
+	biz.IsTrue(r.ProjectApp.CanAccess(rc.LoginAccount.Id, ri.ProjectId), "您无权操作该资源")
+
 	str, err := ri.Cli.Set(keyValue.Key, keyValue.Value, time.Second*time.Duration(keyValue.Timed)).Result()
 	biz.ErrIsNilAppendErr(err, "保存字符串值失败: %s")
 	rc.ResData = str
@@ -166,6 +176,8 @@ func (r *Redis) SetHashValue(rc *ctx.ReqCtx) {
 	ginx.BindJsonAndValid(g, hashValue)
 
 	ri := r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id")))
+	biz.IsTrue(r.ProjectApp.CanAccess(rc.LoginAccount.Id, ri.ProjectId), "您无权操作该资源")
+
 	key := hashValue.Key
 	// 简单处理->先删除，后新增
 	ri.Cli.Del(key)
@@ -191,6 +203,8 @@ func (r *Redis) SetSetValue(rc *ctx.ReqCtx) {
 	ginx.BindJsonAndValid(g, keyvalue)
 
 	ri := r.RedisApp.GetRedisInstance(uint64(ginx.PathParamInt(g, "id")))
+	biz.IsTrue(r.ProjectApp.CanAccess(rc.LoginAccount.Id, ri.ProjectId), "您无权操作该资源")
+
 	key := keyvalue.Key
 	// 简单处理->先删除，后新增
 	ri.Cli.Del(key)