diff --git a/internal/biz/enum/const.go b/internal/biz/enum/const.go
index 6309252c..a0dcefea 100644
--- a/internal/biz/enum/const.go
+++ b/internal/biz/enum/const.go
@@ -4,11 +4,11 @@ import (
 "time"
 )
-var UserRead = []string{"system.user:read"}
-var UserAll = []string{"system.user:all"}
+const UserRead = "system.user:read"
+const UserAll = "system.user:all"
-var RoleRead = []string{"system.role:read"}
-var RoleAll = []string{"system.role:all"}
+const RoleRead = "system.role:read"
+const RoleAll = "system.role:all"
 var RuleRead = []string{"rule::read"}
 var RuleAll = []string{"rule::read", "rule::write"}
diff --git a/internal/biz/role.go b/internal/biz/role.go
index bda17896..dc17d724 100644
--- a/internal/biz/role.go
+++ b/internal/biz/role.go
@@ -1,6 +1,7 @@
 package biz
 import (
+ "errors"
 "fmt"
 "infini.sh/console/internal/biz/enum"
 "infini.sh/console/model/rbac"
@@ -26,7 +27,7 @@ type IRole interface {
 }
 type ConsoleRole struct {
 Name string `json:"name"`
- Description string `json:"description" `
+ Description string `json:"description"`
 RoleType string `json:"type" `
 Platform []string `json:"platform,omitempty"`
 }
@@ -135,6 +136,10 @@ func (role ElasticsearchRole) Update(localUser *User, model rbac.Role) (err erro
 return
 }
 func (role ConsoleRole) Create(localUser *User) (id string, err error) {
+ if role.Name == "" {
+ err = errors.New("role name is require")
+ return
+ }
 if _, ok := enum.BuildRoles[role.Name]; ok {
 err = fmt.Errorf("role name %s already exists", role.Name)
 return
@@ -196,7 +201,10 @@ func (role ConsoleRole) Create(localUser *User) (id string, err error) {
 }
 func (role ElasticsearchRole) Create(localUser *User) (id string, err error) {
-
+ if role.Name == "" {
+ err = errors.New("role name is require")
+ return
+ }
 if _, ok := enum.BuildRoles[role.Name]; ok {
 err = fmt.Errorf("role name %s already exists", role.Name)
 return
diff --git a/internal/dto/role.go b/internal/dto/role.go
index eeb4484f..e0ca51f0 100644
--- a/internal/dto/role.go
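Review bot: After this hunk `UserRead`/`UserAll`/`RoleRead`/`RoleAll` are single-string constants while `RuleRead`/`RuleAll` on the two context lines below remain `[]string`, so one concept (the permission a route requires) is now typed two ways. `RuleAll` bundling `rule::read` and `rule::write` suggests the multi-permission form is still needed somewhere, which argues for either converting the rule values the same way or keeping the variadic `m.PermissionRequired` signature rather than the single-string form this commit switches to in plugin/api/rbac/api.go. A doc comment on the group, e.g. `// Permission names a route may require via m.PermissionRequired.`, would make the convention explicit for whoever adds the next entry.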
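Review bot: The guard added to ConsoleRole.Create returns `errors.New("role name is require")`, and the identical guard is added to ElasticsearchRole.Create in the next hunk; the message should read "role name is required". Since both methods build the same string, it belongs in one package-level sentinel, `var ErrRoleNameRequired = errors.New("role name is required")`, returned from both places. That also lets the CreateRole handler (plugin/api/rbac/role.go in this commit, which reports every Create error with ErrorInternalServer) map it to a 400 with `errors.Is` instead of a 500. Both Create bodies continue past the end of their hunks.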
+++ b/internal/dto/role.go
@@ -16,13 +16,13 @@ type ElasticsearchPermission struct {
 IndexPrivilege []string `json:"index_privilege" `
 }
 type CreateUser struct {
- Username string `json:"username"`
- Password string `json:"password"`
- Name string `json:"name"`
- Email string `json:"email"`
- Phone string `json:"phone"`
- Roles []Role `json:"roles"`
- Tags []string `json:"tags"`
+ Username string `json:"username"`
+
+ Name string `json:"name"`
+ Email string `json:"email"`
+ Phone string `json:"phone"`
+ Roles []Role `json:"roles"`
+ Tags []string `json:"tags"`
 }
 type Role struct {
 Id string `json:"id"`
diff --git a/internal/middleware/user.go b/internal/middleware/user.go
index cc919d2e..46fcc0fa 100644
--- a/internal/middleware/user.go
+++ b/internal/middleware/user.go
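Review bot: Removing `Password` from CreateUser leaves a stray empty line inside the struct (the lone `+`); drop it and let gofmt realign the tags. With the field gone, a `password` key a client still sends is silently ignored by the JSON decoder rather than rejected, which is presumably intended now that `biz.CreateUser` returns a generated password in plugin/api/rbac/user.go, but a line on the struct such as `// Password is not accepted on create; it is generated server-side.` would stop the next reader from re-adding it. If `h.DecodeJSON` is built on a json.Decoder, `DisallowUnknownFields()` would turn the stale key into an explicit 400 instead of a silent drop. The hunk ends before the remaining fields of `Role`.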
@@ -22,39 +22,39 @@ func LoginRequired(h httprouter.Handle) httprouter.Handle {
 func IndexRequired(h httprouter.Handle, route ...string) httprouter.Handle {
 return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- //claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
- //if err != nil {
- // w = handleError(w, http.StatusUnauthorized, err)
- // return
- //}
- //newRole := biz.CombineUserRoles(claims.Roles)
- //
- //indexReq := biz.NewIndexRequest(ps, route)
- //
- //err = biz.ValidateIndex(indexReq, newRole)
- //if err != nil {
- // w = handleError(w, http.StatusForbidden, err)
- // return
- //}
+ claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
+ if err != nil {
+ w = handleError(w, http.StatusUnauthorized, err)
+ return
+ }
+ newRole := biz.CombineUserRoles(claims.Roles)
+
+ indexReq := biz.NewIndexRequest(ps, route)
+
+ err = biz.ValidateIndex(indexReq, newRole)
+ if err != nil {
+ w = handleError(w, http.StatusForbidden, err)
+ return
+ }
 h(w, r, ps)
 }
 }
 func ClusterRequired(h httprouter.Handle, route ...string) httprouter.Handle {
 return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
- //claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
- //if err != nil {
- // w = handleError(w, http.StatusUnauthorized, err)
- // return
- //}
- //newRole := biz.CombineUserRoles(claims.Roles)
- //clusterReq := biz.NewClusterRequest(ps, route)
- //
- //err = biz.ValidateCluster(clusterReq, newRole)
- //if err != nil {
- // w = handleError(w, http.StatusForbidden, err)
- // return
- //}
+ claims, err := biz.ValidateLogin(r.Header.Get("Authorization"))
+ if err != nil {
+ w = handleError(w, http.StatusUnauthorized, err)
+ return
+ }
+ newRole := biz.CombineUserRoles(claims.Roles)
+ clusterReq := biz.NewClusterRequest(ps, route)
+
+ err = biz.ValidateCluster(clusterReq, newRole)
+ if err != nil {
+ w = handleError(w, http.StatusForbidden, err)
+ return
+ }
 h(w, r, ps)
 }
 }
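Review bot: The re-enabled bodies of `IndexRequired` and `ClusterRequired` repeat the same login-and-role prefix verbatim (ValidateLogin, handleError with 401, CombineUserRoles), and the fact that both were commented out and restored together shows they move in lockstep; pull that prefix into one unexported helper that writes the 401 itself and returns the combined role plus an ok flag, leaving each wrapper with only its ValidateIndex/ValidateCluster call. The assignment `w = handleError(w, http.StatusUnauthorized, err)` is dead, since the closure returns on the next line and `w` is never read again; `handleError(w, http.StatusUnauthorized, err)` as a plain statement reads better and avoids the staticcheck warning (same for both 403 branches). Whether the ValidateLogin error should reach an unauthenticated caller depends on what handleError writes; if it forwards `err.Error()`, a fixed "unauthorized" body with the detail logged server-side is the safer shape.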
diff --git a/plugin/api/account/account.go b/plugin/api/account/account.go
index d01f3a4f..d10f93ec 100644
--- a/plugin/api/account/account.go
+++ b/plugin/api/account/account.go
@@ -33,13 +33,13 @@ func (h Account) Login(w http.ResponseWriter, r *http.Request, ps httprouter.Par
 var req dto.Login
 err := h.DecodeJSON(r, &req)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 data, err := biz.Login(req.Username, req.Password)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 data["status"] = "ok"
@@ -100,7 +100,7 @@ func (h Account) Logout(w http.ResponseWriter, r *http.Request, ps httprouter.Pa
 func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 reqUser, err := biz.FromUserContext(r.Context())
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
@@ -116,7 +116,7 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
 } else {
 user, err := biz.GetUser(reqUser.UserId)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 u := util.MapStr{
@@ -133,18 +133,18 @@ func (h Account) Profile(w http.ResponseWriter, r *http.Request, ps httprouter.P
 func (h Account) UpdatePassword(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 reqUser, err := biz.FromUserContext(r.Context())
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 var req dto.UpdatePassword
 err = h.DecodeJSON(r, &req)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 err = biz.UpdatePassword(reqUser, req)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 h.WriteOKJSON(w, util.MapStr{
diff --git a/plugin/api/init.go b/plugin/api/init.go
index c7086030..b4b2f4ec 100644
--- a/plugin/api/init.go
+++ b/plugin/api/init.go
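Review bot: In Login, a failure of `biz.Login` (wrong credentials or unknown user) is now reported with `ErrorInternalServer` carrying the raw `err.Error()`, so an authentication failure surfaces as a 500 whose text may distinguish "user not found" from "bad password"; a failed login should be a 401 with a fixed message and the detail logged server-side. The JSON decode failure two lines above is a client error and should use `h.Error400(w, err.Error())`, which the rbac handlers already use for the same situation. The same blanket `h.Error` → `h.ErrorInternalServer` replacement is applied in permission.go, role.go and user.go further down, where `GetRole`/`GetUser` misses and the create-time validation errors are likewise client errors (404/400/409), so keep the 500 helper for genuinely unexpected failures only. Login's body continues outside the hunk.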
@@ -25,9 +25,9 @@ func Init(cfg *config.AppConfig) {
 api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "dict/:id"), handler.DeleteDictItemAction)
 api.HandleAPIMethod(api.PUT, path.Join(pathPrefix, "dict/:id"), handler.UpdateDictItemAction)
- api.HandleAPIMethod(api.POST, path.Join(esPrefix, "doc/:index/_search"), handler.HandleSearchDocumentAction)
- api.HandleAPIMethod(api.POST, path.Join(esPrefix, "doc/:index"), handler.HandleAddDocumentAction)
- api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "doc/:index/:docId"), handler.HandleUpdateDocumentAction)
+ api.HandleAPIMethod(api.POST, path.Join(esPrefix, "doc/:index/_search"), m.IndexRequired(handler.HandleSearchDocumentAction, "doc.search"))
+ api.HandleAPIMethod(api.POST, path.Join(esPrefix, "doc/:index"), m.IndexRequired(handler.HandleAddDocumentAction, "doc.create"))
+ api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "doc/:index/:docId"), m.IndexRequired(handler.HandleUpdateDocumentAction, "doc.create"))
 api.HandleAPIMethod(api.DELETE, path.Join(esPrefix, "doc/:index/:docId"), m.ClusterRequired(handler.HandleDeleteDocumentAction, "doc.delete"))
 api.HandleAPIMethod(api.GET, path.Join(esPrefix, "doc/_validate"), handler.ValidateDocIDAction)
diff --git a/plugin/api/rbac/api.go b/plugin/api/rbac/api.go
index 1eb847c9..49993a27 100644
--- a/plugin/api/rbac/api.go
+++ b/plugin/api/rbac/api.go
@@ -12,7 +12,6 @@ import (
 "path"
 log "src/github.com/cihub/seelog"
 "src/github.com/mitchellh/mapstructure"
- "strings"
 )
 type Rbac struct {
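Review bot: The PUT `doc/:index/:docId` route is gated with `"doc.create"`, the same permission string as the POST create route, while the DELETE route on the next context line has its own `"doc.delete"`; unless updating a document is deliberately meant to require exactly the create permission, this looks like a copy-paste and wants a distinct name (constructed example: `"doc.update"`, added wherever `"doc.create"` is defined). The DELETE route also stays behind `m.ClusterRequired` while its three siblings are now `m.IndexRequired`, so delete is checked at cluster scope and update at index scope on the same path — align them or leave a one-line comment explaining why delete is the coarser check. `doc/_validate` remains unwrapped; worth confirming that is intended for an authenticated-only endpoint.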
@@ -22,19 +21,19 @@ type Rbac struct {
 func init() {
 r := Rbac{}
 api.HandleAPIMethod(api.GET, "/permission/:type", r.ListPermission)
- api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll...))
- api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead...))
- api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll...))
- api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.RoleAll...))
- api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.RoleRead...))
+ api.HandleAPIMethod(api.POST, "/role/:type", m.PermissionRequired(r.CreateRole, enum.RoleAll))
+ api.HandleAPIMethod(api.GET, "/role/:id", m.PermissionRequired(r.GetRole, enum.RoleRead))
+ api.HandleAPIMethod(api.DELETE, "/role/:id", m.PermissionRequired(r.DeleteRole, enum.RoleAll))
+ api.HandleAPIMethod(api.PUT, "/role/:id", m.PermissionRequired(r.UpdateRole, enum.RoleAll))
+ api.HandleAPIMethod(api.GET, "/role/_search", m.PermissionRequired(r.SearchRole, enum.RoleRead))
- api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.UserAll...))
- api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.UserRead...))
- api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.UserAll...))
- api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll...))
- api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll...))
- api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead...))
- api.HandleAPIMethod(api.PUT, "/user/:id/password", m.PermissionRequired(r.UpdateUserPassword, enum.UserAll...))
+ api.HandleAPIMethod(api.POST, "/user", m.PermissionRequired(r.CreateUser, enum.UserAll))
+ api.HandleAPIMethod(api.GET, "/user/:id", m.PermissionRequired(r.GetUser, enum.UserRead))
+ api.HandleAPIMethod(api.DELETE, "/user/:id", m.PermissionRequired(r.DeleteUser, enum.UserAll))
+ api.HandleAPIMethod(api.PUT, "/user/:id", m.PermissionRequired(r.UpdateUser, enum.UserAll))
+ api.HandleAPIMethod(api.PUT, "/user/:id/role", m.PermissionRequired(r.UpdateUserRole, enum.UserAll))
+ api.HandleAPIMethod(api.GET, "/user/_search", m.PermissionRequired(r.SearchUser, enum.UserRead))
+ api.HandleAPIMethod(api.PUT, "/user/:id/password", m.PermissionRequired(r.UpdateUserPassword, enum.UserAll))
 }
 func loadJsonConfig() {
@@ -54,19 +53,19 @@ func loadJsonConfig() {
 delete(apis, "indices")
 biz.ClusterApis = apis
- bytes, err = util.FileGetContent(path.Join(pwd, "/config/map.json"))
- if err != nil {
- panic("load json file err " + err.Error())
- }
- esapiMap := make(map[string]string)
- err = json.Unmarshal(bytes, &esapiMap)
- if err != nil {
- panic("json config unmarshal err " + err.Error())
- }
- for k, v := range esapiMap {
- s := strings.Split(k, "-")
- biz.EsApiRoutes.AddRoute(s[0], s[1], v)
- }
+ //bytes, err = util.FileGetContent(path.Join(pwd, "/config/map.json"))
+ //if err != nil {
+ // panic("load json file err " + err.Error())
+ //}
+ //esapiMap := make(map[string]string)
+ //err = json.Unmarshal(bytes, &esapiMap)
+ //if err != nil {
+ // panic("json config unmarshal err " + err.Error())
+ //}
+ //for k, v := range esapiMap {
+ // s := strings.Split(k, "-")
+ // biz.EsApiRoutes.AddRoute(s[0], s[1], v)
+ //}
 }
 func loadRolePermission() {
@@ -98,7 +97,7 @@ func loadRolePermission() {
 },
 },
 }
- res, err := biz.SearchRole("", 0, 100)
+ res, err := biz.SearchRole("", 0, 1000)
 if err != nil {
 log.Error(err)
 return
diff --git a/plugin/api/rbac/permission.go b/plugin/api/rbac/permission.go
index 7a356cc8..1f30c770 100644
--- a/plugin/api/rbac/permission.go
+++ b/plugin/api/rbac/permission.go
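Review bot: In loadJsonConfig the block that populated `biz.EsApiRoutes` from config/map.json is commented out rather than deleted, and the `strings` import is dropped in the same file, so this is dead code that version control already preserves; remove it, and if the route map is expected to come back leave a single `// TODO: restore EsApiRoutes loading from config/map.json` instead. Nothing in this commit shows a replacement source for EsApiRoutes, and the same commit re-enables ValidateIndex/ValidateCluster in internal/middleware/user.go; if those checks consult EsApiRoutes, they now run against an empty table, which should be confirmed before merging. The rest of loadJsonConfig is outside the hunk.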
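Review bot: `biz.SearchRole("", 0, 1000)` only raises the fixed page size; loadRolePermission still loads a single page into the permission set, so any role past the limit is silently absent from authorization decisions. Either page through the results until the returned total is reached, or at least compare the hit total against the requested size and log a warning when it is exceeded, so the truncation is visible rather than a quiet permission gap. Giving the limit a named constant with a comment stating the assumption would help, e.g. `const rolePageSize = 1000 // all roles are expected to fit in one page; see loadRolePermission`. The rest of loadRolePermission is outside the hunk.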
@@ -19,7 +19,7 @@ func (h Rbac) ListPermission(w http.ResponseWriter, r *http.Request, ps httprout
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 permissions := role.ListPermission()
diff --git a/plugin/api/rbac/role.go b/plugin/api/rbac/role.go
index 267f14b3..5de2fcfb 100644
--- a/plugin/api/rbac/role.go
+++ b/plugin/api/rbac/role.go
@@ -17,12 +17,12 @@ func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 irole, err := biz.NewRole(roleType)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
@@ -31,12 +31,13 @@ func (h Rbac) CreateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 h.Error400(w, err.Error())
 return
 }
+ var id string
 id, err = irole.Create(localUser)
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, core.CreateResponse(id))
@@ -55,7 +56,8 @@ func (h Rbac) SearchRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 res, err := biz.SearchRole(keyword, from, size)
 if err != nil {
 log.Error(err)
- h.Error(w, err)
+
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 response := elastic.SearchResponse{}
@@ -91,7 +93,7 @@ func (h Rbac) GetRole(w http.ResponseWriter, r *http.Request, ps httprouter.Para
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 h.WriteOKJSON(w, core.Response{Hit: role})
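Review bot: `var id string` is inserted directly above the context line `id, err = irole.Create(localUser)`; the old code already compiled with the `=` form, so `id` must be declared earlier in CreateRole (or that declaration was removed in a part of the file outside this hunk). If it is still there this is a redeclaration error, and if it is not, the idiomatic single line is `id, err := irole.Create(localUser)`, since `err` is already in scope and `:=` only needs one new name on the left. Either way the two lines collapse to one. CreateRole begins and ends outside the hunk.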
@@ -104,14 +106,14 @@ func (h Rbac) DeleteRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 err = biz.DeleteRole(localUser, id)
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, core.DeleteResponse(id))
@@ -123,17 +125,17 @@ func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 model, err := biz.GetRole(id)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 irole, err := biz.NewRole(model.RoleType)
 if err != nil {
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
@@ -147,7 +149,7 @@ func (h Rbac) UpdateRole(w http.ResponseWriter, r *http.Request, ps httprouter.P
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, core.UpdateResponse(id))
diff --git a/plugin/api/rbac/user.go b/plugin/api/rbac/user.go
index f42c060b..9423b729 100644
--- a/plugin/api/rbac/user.go
+++ b/plugin/api/rbac/user.go
@@ -29,21 +29,21 @@ func (h Rbac) CreateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 h.Error400(w, err.Error())
 return
 }
- if req.Username == "" || req.Password == "" {
+ if req.Username == "" || req.Phone == "" || req.Email == "" {
- h.Error400(w, "username or password require")
+ h.Error400(w, "username and phone and email is require")
 return
 }
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 id, pass, err := biz.CreateUser(localUser, req)
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, util.MapStr{
@@ -65,7 +65,7 @@ func (h Rbac) GetUser(w http.ResponseWriter, r *http.Request, ps httprouter.Para
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 h.WriteOKJSON(w, core.FoundResponse(id, user))
@@ -84,14 +84,14 @@ func (h Rbac) UpdateUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 err = biz.UpdateUser(localUser, id, req)
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, core.UpdateResponse(id))
@@ -110,14 +110,14 @@ func (h Rbac) UpdateUserRole(w http.ResponseWriter, r *http.Request, ps httprout
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 err = biz.UpdateUserRole(localUser, id, req)
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, core.UpdateResponse(id))
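Review bot: The required-field check in CreateUser now demands phone and email but only tests for the empty string, and the new message `"username and phone and email is require"` is ungrammatical; `h.Error400(w, "username, phone and email are required")` plus a basic shape check (for instance `mail.ParseAddress` from net/mail for the email) before calling biz.CreateUser would make the rejection meaningful to the caller. Since the password is no longer accepted from the client, the generated credential `pass` returned by `biz.CreateUser` is written into the JSON response further down the hunk; make sure no request/response logging middleware captures that body, and note in a comment at the WriteOKJSON call that the value is shown exactly once. CreateUser's body continues outside the hunk.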
@@ -129,7 +129,7 @@ func (h Rbac) DeleteUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 err = biz.DeleteUser(localUser, id)
@@ -139,7 +139,7 @@ func (h Rbac) DeleteUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 }
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 _ = h.WriteOKJSON(w, core.DeleteResponse(id))
@@ -156,7 +156,7 @@ func (h Rbac) SearchUser(w http.ResponseWriter, r *http.Request, ps httprouter.P
 res, err := biz.SearchUser(keyword, from, size)
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
@@ -176,13 +176,13 @@ func (h Rbac) UpdateUserPassword(w http.ResponseWriter, r *http.Request, ps http
 localUser, err := biz.FromUserContext(r.Context())
 if err != nil {
 log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }
 err = biz.UpdateUserPassword(localUser, id, req.Password)
 if err != nil {
 _ = log.Error(err.Error())
- h.Error(w, err)
+ h.ErrorInternalServer(w, err.Error())
 return
 }