diff --git a/base/aaa/aaa.go b/base/aaa/aaa.go
index 972e62d5..a6c4224a 100644
--- a/base/aaa/aaa.go
+++ b/base/aaa/aaa.go
@@ -7,6 +7,70 @@ import (
 "strings"
 )
+func _role_list(m *ice.Message) {
+ kit.Fetch(m.Confv("role", "meta.root"), func(key string, value string) {
+ m.Push("userrole", "root").Push("username", key)
+ })
+ kit.Fetch(m.Confv("role", "meta.tech"), func(key string, value string) {
+ m.Push("userrole", "tech").Push("username", key)
+ })
+}
+func _role_black(m *ice.Message, userrole, chain, status string) {
+ m.Rich(ice.AAA_ROLE, kit.Keys("black", userrole), kit.Dict(
+ "chain", chain, "status", status,
+ ))
+ m.Logs(ice.LOG_ENABLE, "role", userrole, "black", chain)
+}
+func _role_white(m *ice.Message, userrole, chain, status string) {
+ m.Rich(ice.AAA_ROLE, kit.Keys("white", userrole), kit.Dict(
+ "chain", chain, "status", status,
+ ))
+ m.Logs(ice.LOG_ENABLE, "role", userrole, "white", chain)
+}
+func _role_check(m *ice.Message, username string) {
+ m.Echo(kit.Select(kit.Select("void",
+ "tech", m.Confs(ice.AAA_ROLE, kit.Keys("meta.tech", username))),
+ "root", m.Confs(ice.AAA_ROLE, kit.Keys("meta.root", username))))
+}
+func _role_right(m *ice.Message, userrole string, keys ...string) bool {
+ ok := true
+ for i := 0; i < len(keys); i++ {
+ // 黑名单
+ m.Richs(ice.AAA_ROLE, kit.Keys("black", userrole), kit.Keys(keys[:i+1]), func(key string, value map[string]interface{}) {
+ if value["status"] == "true" {
+ ok = false
+ }
+ })
+ }
+ if m.Warn(!ok, "black right %s", keys) {
+ return false
+ }
+
+ if m.Option(ice.MSG_USERROLE) == ice.ROLE_TECH {
+ // 管理用户
+ return true
+ }
+
+ ok = false
+ for i := 0; i < len(keys); i++ {
+ // 白名单
+ m.Richs(ice.AAA_ROLE, kit.Keys("white", userrole), kit.Keys(keys[:i+1]), func(key string, value map[string]interface{}) {
+ if value["status"] == "true" {
+ ok = true
+ }
+ })
+ }
+ if m.Warn(!ok, "no white right %s", keys) {
+ return false
+ }
+
+ // 普通用户
+ return true
+}
+func _role_auth(m *ice.Message, userrole, username, status string) {
+ m.Conf(ice.AAA_ROLE, kit.Keys("meta", userrole, username), status)
+}
+
 var Index = &ice.Context{Name: "aaa", Help: "认证模块",
 Caches: map[string]*ice.Cache{},
 Configs: map[string]*ice.Config{
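Review bot: `_role_right` decides from two different role sources: both list lookups use the `userrole` parameter, which the handler in the next hunk fills from `arg[1]`, while the technician bypass reads the session's `m.Option(ice.MSG_USERROLE)`. If the argument can ever differ from the session role, the lists consulted are those of whichever role the caller names; unless checking another role's rights is an intended use, resolving the role once from the session, or rejecting a mismatch with `if userrole != m.Option(ice.MSG_USERROLE) { return false }`, would close that gap. The status test also changes from `"enable"` (removed code in the next hunk) to `"true"`, so a blacklist entry already stored with `"enable"` would stop matching and its chain would no longer be denied; a migration, or accepting both values for a transition period, avoids that fail-open. None of the new helpers has a doc comment, and one stating which role each lookup trusts would help the next reader.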
@@ -28,84 +92,33 @@ var Index = &ice.Context{Name: "aaa", Help: "认证模块",
 }},
 ice.AAA_ROLE: {Name: []string{
- "role check username",
- "role right userrole chain",
- "role userrole username ok",
- "role black|white userrole enable|disable chain",
+ "role black|white userrole chain",
+ "role check|userrole username",
 }, Help: "角色", Hand: func(m *ice.Message, c *ice.Context, cmd string, arg ...string) {
-
- // ice.AAA_ROLE: {Name: "role check username; role right userrole chain; role userrole username ok; role black|white userrole enable|disable chain", Help: "角色", Hand: func(m *ice.Message, c *ice.Context, cmd string, arg ...string) {
 if len(arg) == 0 {
- kit.Fetch(m.Confv("role", "meta.root"), func(key string, value string) {
- m.Push("userrole", "root").Push("username", key)
- })
- kit.Fetch(m.Confv("role", "meta.tech"), func(key string, value string) {
- m.Push("userrole", "tech").Push("username", key)
- })
+ _role_list(m)
 return
 }
 switch arg[0] {
- case "check":
- // 用户角色
- if len(arg) > 1 && arg[1] != "" {
- m.Echo(kit.Select(kit.Select("void",
- "tech", m.Confs(ice.AAA_ROLE, kit.Keys("meta.tech", arg[1]))),
- "root", m.Confs(ice.AAA_ROLE, kit.Keys("meta.root", arg[1]))))
- }
-
- case "black", "white":
- // 黑白名单
- m.Rich(ice.AAA_ROLE, kit.Keys(arg[0], arg[1]), kit.Dict(
- "status", arg[2], "chain", kit.Keys(arg[3:]),
- ))
- m.Log(ice.LOG_ENABLE, "role: %s %s: %v", arg[1], arg[0], arg[3:])
-
 case "right":
 if m.Option(ice.MSG_USERROLE) == ice.ROLE_ROOT {
 // 超级用户
 m.Echo("ok")
- break
- }
-
- ok := true
- keys := strings.Split(kit.Keys(arg[2:]), ".")
- for i := 0; i < len(keys); i++ {
- if !ok {
- break
- }
- // 黑名单
- m.Richs(ice.AAA_ROLE, kit.Keys("black", arg[1]), kit.Keys(keys[:i+1]), func(key string, value map[string]interface{}) {
- ok = value["status"] != "enable"
- })
- }
- if m.Warn(!ok, "black right %s", keys) {
- break
- }
- if m.Option(ice.MSG_USERROLE) == ice.ROLE_TECH {
- // 管理用户
+ } else if _role_right(m, arg[1], strings.Split(kit.Keys(arg[2:]), ".")...) {
+ // 其它用户
 m.Echo("ok")
- break
 }
-
- ok = false
- for i := 0; i < len(keys); i++ {
- if ok {
- break
- }
- // 白名单
- m.Richs(ice.AAA_ROLE, kit.Keys("white", arg[1]), kit.Keys(keys[:i+1]), func(key string, value map[string]interface{}) {
- ok = value["status"] == "enable"
- })
+ case "check":
+ if len(arg) > 1 && arg[1] != "" {
+ _role_check(m, arg[1])
 }
- if m.Warn(!ok, "no white right %s", keys) {
- break
- }
- // 普通用户
- m.Echo("ok")
-
+ case "white":
+ _role_white(m, arg[1], kit.Keys(arg[2:]), "true")
+ case "black":
+ _role_black(m, arg[1], kit.Keys(arg[2:]), "true")
 default:
- m.Conf(ice.AAA_ROLE, kit.Keys("meta", arg[0], arg[1]), kit.Select("true", arg, 2))
+ _role_auth(m, arg[0], arg[1], kit.Select("true", arg, 2))
 }
 }},
 ice.AAA_USER: {Name: "user first|login", Help: "用户", Hand: func(m *ice.Message, c *ice.Context, cmd string, arg ...string) {
diff --git a/base/web/web.go b/base/web/web.go
index f4585cc6..48075a19 100644
--- a/base/web/web.go
+++ b/base/web/web.go
@@ -131,7 +131,9 @@ func (web *Frame) Login(msg *ice.Message, w http.ResponseWriter, r *http.Request
 if s, ok := msg.Target().Commands[ice.WEB_LOGIN]; ok {
 // 权限检查
+ msg.Debug("user %v", msg.Option(ice.MSG_USERNAME))
 msg.Target().Run(msg, s, ice.WEB_LOGIN, kit.Simple(msg.Optionv("cmds"))...)
+ msg.Debug("user %v", msg.Option(ice.MSG_USERNAME))
 } else if ls := strings.Split(msg.Option(ice.MSG_USERURL), "/"); kit.IndexOf([]string{
 "static", "plugin", "login", "space", "route", "share", "publish",
diff --git a/core/chat/chat.go b/core/chat/chat.go
index d7ce083c..6b7bff26 100644
--- a/core/chat/chat.go
+++ b/core/chat/chat.go
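Review bot: The rewritten switch indexes `arg[1]` in the `right` (non-root path), `white`, `black` and `default` branches without checking the argument count, so a one-argument call such as `role white` panics with an index out of range; only `check` guards with `len(arg) > 1`. A guard right after the `len(arg) == 0` block, `if len(arg) < 2 { return }`, keeps the current `check` behaviour and covers the other branches. The `default` branch also turns any unrecognised first argument into a role name written under `meta`, and nothing visible in this handler restricts who may call it; if that is enforced elsewhere, a comment saying where would help. With the status now hard-coded to `"true"` for `white` and `black`, the command no longer offers a way to switch a list entry off.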
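Review bot: The two `msg.Debug("user %v", …)` calls around the `ice.WEB_LOGIN` dispatch read like leftover tracing, and they write the user name to the log on every request that takes this branch; the same pair is added around the password login in the `@@ -161,9 +161,11 @@` hunk of core/chat/chat.go. If they are meant to stay, `%q` instead of `%v` keeps a name containing newlines or control characters from splitting the log entry, and distinct messages such as `"login before: user %q"` and `"login after: user %q"` let the two entries be told apart. In the chat.go case the value logged after the attempt appears to be the client-supplied `arg[1]`, so it would be recorded whether or not the password was accepted; that deserves a comment if it is intended. `Login` begins and ends outside this hunk.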
@@ -161,9 +161,11 @@ var Index = &ice.Context{Name: "chat", Help: "聊天中心",
 switch arg[0] {
 case "login":
 // 密码登录
+ m.Debug("user %v", m.Option(ice.MSG_USERNAME))
 if len(arg) > 2 {
 web.Render(m, "cookie", m.Option(ice.MSG_SESSID, m.Cmdx(ice.AAA_USER, "login", m.Option(ice.MSG_USERNAME, arg[1]), arg[2])))
 }
+ m.Debug("user %v", m.Option(ice.MSG_USERNAME))
 case "":
 m.Info("what %v", m.Option("share"))
@@ -189,6 +191,9 @@ var Index = &ice.Context{Name: "chat", Help: "聊天中心",
 if m.Option(ice.MSG_USERURL) == "/login" {
 return
 }
+ if m.Option(ice.MSG_USERURL) == "/header" {
+ return
+ }
 // 登录检查
 if m.Warn(!m.Options(ice.MSG_USERNAME), "not login") {
@@ -363,7 +368,18 @@ var Index = &ice.Context{Name: "chat", Help: "聊天中心",
 }},
 "/header": {Name: "/header", Help: "标题栏", Hand: func(m *ice.Message, c *ice.Context, cmd string, arg ...string) {
- m.Echo(m.Conf(ice.WEB_SERVE, "meta.title"))
+ switch kit.Select("", arg, 0) {
+ case "check":
+ if m.Option(ice.MSG_USERNAME) != "" {
+ m.Echo(m.Option(ice.MSG_USERNAME))
+ }
+ case "login":
+ if m.Option(ice.MSG_USERNAME) != "" {
+ m.Render(m.Option(ice.MSG_USERNAME))
+ }
+ default:
+ m.Echo(m.Conf(ice.WEB_SERVE, "meta.title"))
+ }
 }},
 "/footer": {Name: "/footer", Help: "状态栏", Hand: func(m *ice.Message, c *ice.Context, cmd string, arg ...string) {
 kit.Fetch(m.Confv(ice.WEB_SERVE, "meta.legal"), func(index int, value string) {
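Review bot: The new early return in the `@@ -189,6 +191,9 @@` hunk exempts `/header` from the login check directly below it, and from whatever else follows in this handler outside the hunk, for every sub-command the `/header` handler accepts. Because this is effectively the list of endpoints reachable without a session, it would be easier to audit as one commented statement, `switch m.Option(ice.MSG_USERURL) { case "/login", "/header": return }` preceded by `// endpoints reachable without a session; keep this list minimal`. Any branch later added to `/header` then has to be safe for anonymous callers. The enclosing handler starts and ends outside this hunk.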
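Review bot: In the `login` case of the `/header` handler, `m.Render(m.Option(ice.MSG_USERNAME))` passes the user name as the first argument of `Render`, whereas the other call on this page, `web.Render(m, "cookie", …)`, puts a render kind in that position. `Render`'s signature is not visible here, but this looks as if it should be `m.Echo(m.Option(ice.MSG_USERNAME))` as in `check`, or carry an explicit kind. Since this commit also exempts `/header` from the login check, `arg[0]` reaches this switch from requests without a session, so the handler deserves a comment such as `// reachable without login: every branch must be safe for anonymous callers`. When no user is set, `check` and `login` both return an empty body, which a client cannot tell apart from any other empty reply.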