diff --git a/internal/biz/account.go b/internal/biz/account.go
index ae23b002..b3dfd653 100644
--- a/internal/biz/account.go
+++ b/internal/biz/account.go
@@ -104,6 +104,7 @@ func authorize(user Account) (m map[string]interface{}, err error) {
 if err != nil {
 return
 }
+
 m = util.MapStr{
 "access_token": tokenString,
 "username": user.Username,
@@ -133,6 +134,7 @@ func Login(username string, password string) (m map[string]interface{}, err erro
 if err != nil {
 return
 }
+ TokenMap[user.ID] = Token{ExpireIn: time.Now().Unix() + 86400}
 err = orm.Save(GenerateEvent(event.ActivityMetadata{
 Category: "platform",
 Group: "rbac",
@@ -185,23 +187,36 @@ func ValidateLogin(authorizationHeader string) (clams *UserClaims, err error) {
 return
 }
 tokenString := fields[1]
+
 token, err := jwt.ParseWithClaims(tokenString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
 if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 }
-
 return []byte(Secret), nil
 })
 if err != nil {
 return
 }
- if clams, ok := token.Claims.(*UserClaims); ok && token.Valid {
- return clams, nil
- }
+ clams, ok := token.Claims.(*UserClaims)
+
 if clams.UserId == "" {
 err = errors.New("user id is empty")
 return
 }
+ fmt.Println("user token", clams.UserId, TokenMap[clams.UserId])
+ tokenVal, ok := TokenMap[clams.UserId]
+ if !ok {
+ err = errors.New("token is invalid")
+ return
+ }
+ if tokenVal.ExpireIn < time.Now().Unix() {
+ err = errors.New("token is expire in")
+ delete(TokenMap, clams.UserId)
+ return
+ }
+ if ok && token.Valid {
+ return clams, nil
+ }
 return
 }
diff --git a/internal/biz/enum/menu.go b/internal/biz/enum/menu.go
deleted file mode 100644
index 3d75ee6e..00000000
--- a/internal/biz/enum/menu.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package enum
-
-type Menu struct {
- Id string `json:"id"`
-
- Privilege string `json:"privilege,omitempty"`
-}
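Review bot: `TokenMap[user.ID] = Token{ExpireIn: time.Now().Unix() + 86400}` writes to the package-level map declared in permission.go with no synchronization, and the same map is read in ValidateLogin (this file) and deleted from in DeleteUser (user.go); these all run from concurrent HTTP handlers, so the Go runtime can abort the process with a concurrent map read/write fault. Guard every access with a `sync.RWMutex` declared next to the map, or switch the map to a `sync.Map`. The entry records only an expiry, so a second login overwrites the first and the stored record cannot tell which JWT it belongs to; the literal 86400 also deserves a named constant (e.g. `const tokenTTL = 24 * time.Hour`) so the map lifetime and whatever expiry the JWT itself carries, set outside this hunk, stay in step. Login's body continues outside the hunk.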
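Review bot: `clams, ok := token.Claims.(*UserClaims)` is followed by `clams.UserId` before `ok` is tested, and `ok` is then overwritten by `tokenVal, ok := TokenMap[clams.UserId]`, so the closing `if ok && token.Valid` no longer checks the type assertion at all; a failed assertion leaves `clams` nil and the very next line dereferences it. Check the assertion and `token.Valid` right after the parse and return early, then end the function with an unconditional `return clams, nil`. `fmt.Println("user token", clams.UserId, TokenMap[clams.UserId])` writes every authenticated caller's user ID and session record to stdout on each request and reads as debugging left in; remove it or route it through the project's logger at debug level. The error text `"token is expire in"` should read `"token is expired"`. ValidateLogin's header parsing that produces `fields` lies before the hunk.
```go
	clams, ok := token.Claims.(*UserClaims)
	if !ok || !token.Valid {
		err = errors.New("token is invalid")
		return
	}
	// … unchanged: empty UserId check …
	// … unchanged: TokenMap lookup and presence check, debug Println removed …
	if tokenVal.ExpireIn < time.Now().Unix() {
		err = errors.New("token is expired")
		delete(TokenMap, clams.UserId)
		return
	}
	return clams, nil
```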
diff --git a/internal/biz/permission.go b/internal/biz/permission.go
index 2db9398d..b4199c64 100644
--- a/internal/biz/permission.go
+++ b/internal/biz/permission.go
@@ -6,6 +6,15 @@ var ClusterApis = make(map[string][]string)
 var IndexApis = make([]string, 50)
 var RoleMap = make(map[string]Role)
+
+type Token struct {
+ JwtStr string `json:"jwt_str"`
+ Value string `json:"value"`
+ ExpireIn int64 `json:"expire_in"`
+}
+
+var TokenMap = make(map[string]Token)
+
 var EsApiRoutes = core.NewRouter()
 type Role struct {
diff --git a/internal/biz/user.go b/internal/biz/user.go
index 7b92d07e..b5acafd2 100644
--- a/internal/biz/user.go
+++ b/internal/biz/user.go
@@ -27,7 +27,8 @@ func DeleteUser(localUser *User, id string) (err error) {
 if err != nil {
 return
 }
-
+ fmt.Println("tokenmap", TokenMap)
+ delete(TokenMap, id)
 err = orm.Save(GenerateEvent(event.ActivityMetadata{
 Category: "platform",
 Group: "rbac",
diff --git a/plugin/api/account/account.go b/plugin/api/account/account.go
index d10f93ec..06048cf7 100644
--- a/plugin/api/account/account.go
+++ b/plugin/api/account/account.go
@@ -111,6 +111,7 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
 "username": "admin",
 "email": "admin@infini.ltd",
 "name": "admin",
+ "phone": "13011111111",
 }
 h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
 } else {
@@ -124,6 +125,7 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
 "username": user.Username,
 "email": user.Email,
 "name": user.Name,
+ "phone": user.Phone,
 }
 h.WriteOKJSON(w, core.FoundResponse(reqUser.UserId, u))
 }
diff --git a/plugin/api/init.go b/plugin/api/init.go
index 5de226e1..0d66b36b 100644
--- a/plugin/api/init.go
+++ b/plugin/api/init.go
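Review bot: The exported `Token` type and `TokenMap` variable have no doc comments, and the field name `ExpireIn` reads as a duration while Login (account.go in this diff) stores an absolute Unix timestamp in it. Add `// Token is the server-side session record kept per user ID; ExpireIn is the Unix time after which the record is rejected.` above the type and `// TokenMap maps a user ID to that user's current session record. It is process-local, so entries are lost on restart and are not shared between instances.` above the variable, or rename the field to `ExpireAt`. `JwtStr` and `Value` carry JSON tags but nothing in this diff assigns them; if no other code populates them they are dead fields and should be dropped.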
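Review bot: `fmt.Println("tokenmap", TokenMap)` dumps the whole session map, every user's ID and expiry and the `JwtStr` field should it ever be populated, to stdout each time a user is deleted; that is a debugging leftover that would land in log aggregation, so remove it or replace it with one debug-level log line carrying only `id`. The `delete(TokenMap, id)` that follows is the right revocation step and is all this hunk needs. The rest of DeleteUser lies outside the hunk.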
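Review bot: `"phone": "13011111111",` hard-codes a fabricated phone number into the built-in admin profile, so clients will display a value that belongs to nobody. The neighbouring fields of this branch are already static, but a number that looks real is worse than none: use `"phone": "",` here, or read it from the same configuration that supplies the admin account if such a setting exists. Profile's enclosing function begins before the hunk.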
@@ -28,7 +28,7 @@ func Init(cfg *config.AppConfig) {
 api.HandleAPIMethod(api.POST, path.Join(esPrefix, "doc/:index/_search"), m.IndexRequired(handler.HandleSearchDocumentAction, "doc.search"))
 api.HandleAPIMethod(api.POST, path.Join(esPrefix, "doc/:index"), m.IndexRequired(handler.HandleAddDocumentAction, "doc.create"))
 api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "doc/:index/:docId"), m.IndexRequired(handler.HandleUpdateDocumentAction, "doc.update"))
- api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "doc/:index/:docId"), m.ClusterRequired(handler.HandleDeleteDocumentAction, "doc.delete"))
+ api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "doc/:index/:docId"), m.IndexRequired(handler.HandleDeleteDocumentAction, "doc.delete"))
 api.HandleAPIMethod(api.GET, path.Join(esPrefix, "doc/_validate"), handler.ValidateDocIDAction)
 api.HandleAPIMethod(api.POST, path.Join(pathPrefix, "rebuild/*id"), handler.HandleReindexAction)
diff --git a/plugin/api/rbac/api.go b/plugin/api/rbac/api.go
index 1fecaa7d..2578f9e5 100644
--- a/plugin/api/rbac/api.go
+++ b/plugin/api/rbac/api.go
@@ -19,6 +19,7 @@ type Rbac struct {
 }
 func init() {
+ r := Rbac{}
 api.HandleAPIMethod(api.GET, "/permission/:type", r.ListPermission)
 api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll))
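Review bot: The delete route now uses `m.IndexRequired(..., "doc.delete")` like its `doc/:index` siblings, but nothing other than eyeballing this table keeps that property; a test that iterates the registered routes and asserts every `doc/:index` path is wrapped by `m.IndexRequired` with a `doc.*` permission would stop the next addition from regressing to the coarser `m.ClusterRequired`. Whether the router exposes its registrations for such a test is not visible here. Init continues outside the hunk.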