From 1438e32b488f219df5e95c2c8a5bf16673f65bbb Mon Sep 17 00:00:00 2001 From: shaoying Date: Sat, 29 Dec 2018 10:21:11 +0800 Subject: [PATCH] mod web.render.auth --- etc/dotsfile/.vimrc | 25 +++++- etc/exit.shy | 2 +- etc/init.shy | 13 ++- src/contexts/aaa/aaa.go | 172 +++++++++++++++++++++--------------- src/contexts/cli/cli.go | 16 ++-- src/contexts/web/web.go | 39 ++++---- usr/template/code/code.tmpl | 3 + 7 files changed, 166 insertions(+), 104 deletions(-) diff --git a/etc/dotsfile/.vimrc b/etc/dotsfile/.vimrc index 45683921..d5953723 100644 --- a/etc/dotsfile/.vimrc +++ b/etc/dotsfile/.vimrc @@ -145,10 +145,29 @@ set splitbelow set splitright autocmd BufReadPost * normal `" -autocmd BufNewFile,BufReadPost *.shy set filetype=shy -autocmd BufNewFile,BufReadPost *.shy set commentstring=#%s autocmd BufNewFile,BufReadPost *.conf set filetype=nginx -autocmd BufNewFile,BufReadPost *.go set foldmethod=syntax + +autocmd BufNewFile,BufReadPost *.go call Config("go") +autocmd BufNewFile,BufReadPost *.sh call Config("sh") +autocmd BufNewFile,BufReadPost *.shy call Config("shy") +autocmd BufNewFile,BufReadPost *.py call Config("py") +autocmd BufNewFile,BufReadPost *.js call Config("js") + +fun! Config(language) + if a:language == "go" + set foldmethod=syntax + set foldnestmax=3 + elseif a:language == "sh" + elseif a:language == "shy" + set filetype=shy + set commentstring=#%s + elseif a:language == "py" + elseif a:language == "js" + let g:javaScript_fold=1 + set syntax=javaScript + set foldmethod=syntax + endif +endfun command! RR wa | source ~/.vimrc |e source ~/.vim_local diff --git a/etc/exit.shy b/etc/exit.shy index b37c6f87..6a818b89 100644 --- a/etc/exit.shy +++ b/etc/exit.shy @@ -2,7 +2,7 @@ ~web config save web.json bench ~aaa - config save session.json session + config save auth.json hash auth ~stdio config save history.json history diff --git a/etc/init.shy b/etc/init.shy index 33559016..2e8dddac 100644 --- a/etc/init.shy +++ b/etc/init.shy 
@@ -1,7 +1,14 @@ ~stdio config load history.json ~aaa - config load session.json + # config load auth.json +~aaa + auth ship group index cmd source + auth ship role void group index data sso true + auth ship username root role root + auth ship username shy role root + auth ship username void role void + ~web config load web.json @@ -9,6 +16,7 @@ login root root ~find aaa.root config right right.role root + ~aaa login void void right void owner login add from root @@ -16,6 +24,5 @@ source etc/local.shy source etc/spide.shy - -~lark +~aaa diff --git a/src/contexts/aaa/aaa.go b/src/contexts/aaa/aaa.go index 6900d38c..148df37c 100644 --- a/src/contexts/aaa/aaa.go +++ b/src/contexts/aaa/aaa.go @@ -107,9 +107,12 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", }, Configs: map[string]*ctx.Config{ "hash": &ctx.Config{Name: "hash", Value: map[string]interface{}{}, Help: "散列"}, + "auth": &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "散列"}, + "auth_type": &ctx.Config{Name: "auth_type", Value: map[string]interface{}{ + "password": map[string]interface{}{"private": true, "secrete": true, "single": true}, + }, Help: "散列"}, "secrete_key": &ctx.Config{Name: "secrete_key", Value: map[string]interface{}{"password": 1, "uuid": 1}, Help: "私钥文件"}, - "auth": &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "私钥文件"}, "expire": &ctx.Config{Name: "expire(s)", Value: "72000", Help: "会话超时"}, "cert": &ctx.Config{Name: "cert", Value: "etc/pem/cert.pem", Help: "证书文件"}, "pub": &ctx.Config{Name: "pub", Value: "etc/pem/pub.pem", Help: "公钥文件"}, 
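Review bot: In etc/init.shy (`@@ -1,7 +1,14 @@`) the load of `auth.json` is left commented out while etc/exit.shy in this same patch now writes it with `config save auth.json hash auth`, so on each start the auth store appears to be rebuilt only from the hard-coded `auth ship ...` lines and whatever was saved at exit is ignored. If that is deliberate during the migration, say so in the script, for example `# auth.json is not loaded yet: the auth graph is rebuilt from the statements below`; otherwise restore `config load auth.json`. The accounts `root`, `shy` and `void` and their roles are fixed in this script, and the unchanged `login root root` further down looks like a default credential, so these bootstrap values are better kept in a local, uncommitted file such as the `etc/local.shy` the script already sources.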
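Review bot: The new `auth_type` table in src/contexts/aaa/aaa.go (`@@ -107,9 +107,12 @@`) lists only `password`, while the `secrete_key` entry kept beside it still names both `password` and `uuid`. A later hunk of this patch replaces the `secrete_key` lookup with the `auth_type` `secrete` flag when deciding whether a value goes through `Password()`, so `uuid` values would now be stored as plain `meta`; if that is not intended, add `"uuid": map[string]interface{}{"secrete": true},`. The `Help` text `散列` is repeated for `hash`, `auth` and `auth_type`, so each entry should get its own description, and `private`, `secrete` and `single` deserve a one-line comment each because they drive authentication behaviour.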
@@ -159,69 +162,73 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", return } - // 创建会话 + // 会话操作 s, t := "", "" - if len(arg) > 0 && arg[0] == "create" { - s, t = m.Spawn().Cmd("hash", "session", arg[1], "time", "rand").Result(0), "session" + switch arg[0] { + case "create": // 创建会话 + s, t = m.Spawn().Cmd("hash", arg[1], arg[2], "time", "rand").Result(0), arg[1] m.Confv("auth", s, map[string]interface{}{ "create_time": time.Now().Unix(), - "type": "session", - "meta": arg[1], + "type": arg[1], + "meta": arg[2], }) defer func() { m.Set("result").Echo(s) }() - if arg = arg[2:]; len(arg) == 0 { + if arg = arg[3:]; len(arg) == 0 { return } - } - if v, ok := m.Confv("auth", []interface{}{arg[0], "type"}).(string); ok { - s, t, arg = arg[0], v, arg[1:] - } - if s == "" { - return - } - - // 查询会话 - which := "data" - if len(arg) > 0 { - switch arg[0] { - case "data", "ship", "": - which, arg = arg[0], arg[1:] - } - } - if len(arg) == 0 { - args := []string{s} - if which != "" { - args = append(args, which) - } - m.Spawn().Cmd("config", "auth", strings.Join(args, ".")).CopyTo(m) - return - } - - // 编辑会话 - switch which { - case "data": // 数据操作 - if len(arg) == 1 { // 读取数据 - m.Spawn().Cmd("config", "auth", strings.Join([]string{s, "data", arg[0]}, ".")).CopyTo(m) - for k, _ := range m.Confv("auth", []interface{}{s, "ship"}).(map[string]interface{}) { - if len(m.Meta["result"]) > 0 || len(m.Meta["append"]) > 0 { - break - } - m.Spawn().Cmd("config", "auth", strings.Join([]string{k, "data", arg[0]}, ".")).CopyTo(m) + case "follow": // 检查会话 + ps := []string{m.Spawn().Cmd("hash", arg[1], arg[2]).Result(0)} + for i := 0; i < len(ps); i++ { + ship, ok := m.Confv("auth", []interface{}{ps[i], "ship"}).(map[string]interface{}) + if !ok { + return } - break + for k, v := range ship { + val := v.(map[string]interface{}) + if val["level"].(string) == "0" { + continue + } + + if val["type"].(string) == arg[3] && val["meta"].(string) == arg[4] { + m.Echo(k) + return + } + ps = 
append(ps, k) + } + } + return + default: + if v, ok := m.Confv("auth", []interface{}{arg[0], "type"}).(string); ok { + s, t, arg = arg[0], v, arg[1:] + if len(arg) == 0 { + arg = append(arg, "data") + } + } + } + + which, p, chain := "data", s, []map[string]string{} + for i := 0; i < len(arg); i += 2 { + switch arg[i] { // 切换类型 + case "data", "ship", "": + which, i = arg[i], i+1 + } + m.Log("fuck", "which: %s arg: %v", which, arg[i:]) + + if i > len(arg)-1 { // 查询会话 + args := []string{p} + if which != "" { + args = append(args, which) + } + m.Spawn().Cmd("config", "auth", strings.Join(args, ".")).CopyTo(m) + return } - // 添加数据 - m.Spawn().Cmd("config", "auth", strings.Join([]string{s, "data", arg[0]}, "."), arg[1]).CopyTo(m) - break - case "ship": // 节点操作 - p, condition, chain := s, "", []map[string]string{} - for i := 0; i < len(arg); i += 2 { - // 查询节点 - if i == len(arg)-1 { + switch which { + case "ship": // 节点操作 + if i == len(arg)-1 { // 读取节点 for k, _ := range m.Confv("auth", []interface{}{p, "ship"}).(map[string]interface{}) { if auth, ok := m.Confv("auth", k).(map[string]interface{}); ok { if auth["type"].(string) == arg[i] { 
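Review bot: The new `follow` branch walks the `ship` links with no visited set, no argument-count check and unchecked type assertions, and it is the lookup that web.go in this patch relies on for its permission decisions. Two nodes that link to each other with a non-zero level keep `ps` growing without end, a `ship` entry of an unexpected shape panics on `v.(map[string]interface{})`, and a node without a `ship` map ends the whole search with `return` instead of moving on to the next queued node. `switch arg[0]` also drops the `len(arg) > 0` guard the removed `if` had, and `create` reads `arg[1]` and `arg[2]` unchecked. Separately, the added `m.Log("fuck", "which: %s arg: %v", which, arg[i:])` writes the remaining arguments to the log before any hashing, which would include a password passed as `ship password VALUE`; remove it or log only `arg[i]`. The handler starts and ends outside this hunk.

```go
		case "follow": // check whether a node is reachable from the start node
			if len(arg) < 5 {
				return
			}
			seen := map[string]bool{}
			ps := []string{m.Spawn().Cmd("hash", arg[1], arg[2]).Result(0)}
			for i := 0; i < len(ps); i++ {
				if seen[ps[i]] {
					continue // already expanded; prevents cycles and repeated work
				}
				seen[ps[i]] = true

				ship, ok := m.Confv("auth", []interface{}{ps[i], "ship"}).(map[string]interface{})
				if !ok {
					continue // node without links: keep searching the remaining queue
				}
				for k, v := range ship {
					val, ok := v.(map[string]interface{})
					if !ok || val["level"] == "0" {
						continue // malformed entry or parent link
					}
					if val["type"] == arg[3] && val["meta"] == arg[4] {
						m.Echo(k)
						return
					}
					ps = append(ps, k)
				}
			}
			return
```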
@@ -235,19 +242,22 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", return } - value := arg[i+1] - if m.Confv("secrete_key", arg[i]) != nil { - value = Password(value) + condition := "" + if ctx.Right(m.Confv("auth_type", []interface{}{arg[i], "private"})) { + condition = p // 私有节点 + } + value := arg[i+1] + if ctx.Right(m.Confv("auth_type", []interface{}{arg[i], "secrete"})) { + value = Password(value) // 加密节点 } - h := m.Spawn().Cmd("hash", arg[i], value, condition).Result(0) + if sess := m.Confv("auth", h); sess == nil { - // 节点认证 - if arg[i] == "password" { + if ctx.Right(m.Confv("auth_type", []interface{}{arg[i], "single"})) { // 单点认证 if v, ok := m.Confv("auth", []interface{}{p, "ship"}).(map[string]interface{}); ok { for k, _ := range v { - if node, ok := m.Confv("auth", []interface{}{k, "type"}).(string); ok && node == "password" { - return + if node, ok := m.Confv("auth", []interface{}{k, "type"}).(string); ok && node == arg[i] { + return // 认证失败 } } } 
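Review bot: When the `single` rule rejects a second node of the same type, the function leaves through a bare `return // 认证失败` with nothing logged, so a failed authentication attempt leaves no trace for later review. Add a log call before the return, for example `m.Log("info", "auth single conflict: type %s", arg[i])`, logging the type only and never `value`. It would also help to document above `condition := ""` that a `private` type mixes the parent hash `p` into the node hash, which presumably is what keeps the same password under two users from mapping to one node. The enclosing loop starts and ends outside this hunk.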
@@ -255,22 +265,46 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", // 创建节点 m.Confv("auth", h, map[string]interface{}{"create_time": time.Now().Unix(), "type": arg[i], "meta": value}) - chain = append(chain, map[string]string{"node": h, "hash": p, "level": "0", "type": t}) } - // 添加节点 - chain = append(chain, map[string]string{"node": s, "hash": h, "level": "2", "type": arg[i]}) - chain = append(chain, map[string]string{"node": p, "hash": h, "level": "1", "type": arg[i]}) + if s != "" { // 添加根链接 + chain = append(chain, map[string]string{"node": s, "hash": h, "level": "2", "type": arg[i], "meta": value}) + } + if p != "" { // 添加子链接 + chain = append(chain, map[string]string{"node": p, "hash": h, "level": "1", "type": arg[i], "meta": value}) + } + if p != "" { // 添加父链接 + chain = append(chain, map[string]string{"node": h, "hash": p, "level": "0", "type": t, "meta": ""}) + } + p, t = h, arg[i] - } + case "data": // 数据操作 + if i == len(arg)-1 { // 读取数据 + value := m.Confv("auth", []interface{}{p, "data", arg[i]}) + if ship, ok := m.Confv("auth", []interface{}{p, "ship"}).(map[string]interface{}); ok { + for k, _ := range ship { + if value != nil { + break + } + value = m.Confv("auth", []interface{}{k, "data", arg[i]}) + } + } + if value != nil { + m.Echo("%v", value) + } + return + } - for _, v := range chain { - m.Log("info", "chain: %v", v) - m.Confv("auth", []interface{}{v["node"], "ship", v["hash"]}, map[string]interface{}{"level": v["level"], "type": v["type"]}) + // 添加数据 + m.Confv("auth", []interface{}{p, "data", arg[i]}, arg[i+1]) } - - m.Echo(p) } + + for _, v := range chain { // 保存链接 + m.Log("info", "chain: %v", v) + m.Confv("auth", []interface{}{v["node"], "ship", v["hash"]}, map[string]interface{}{"level": v["level"], "type": v["type"], "meta": v["meta"]}) + } + m.Echo(p) }}, "login": &ctx.Command{Name: "login [sessid]|[username password]", diff --git a/src/contexts/cli/cli.go b/src/contexts/cli/cli.go index 1c4eddc8..93748095 100644 
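Review bot: The `data` read path falls back to the first linked node that holds the key, iterating `ship` in Go's unspecified map order and without looking at the link `level`, so when more than one linked node defines the key the value returned can differ between calls. web.go in this patch reads the `sso` flag through this path to decide whether per-command checks apply, so the lookup should be deterministic: restrict the fallback to one link direction (for example only entries whose `level` is `"0"`) or visit the keys in sorted order, and state the inheritance rule in a comment. The write `m.Confv("auth", []interface{}{p, "data", arg[i]}, arg[i+1])` can also be reached with `p == ""` now that the earlier hunk removed `if s == "" { return }`, which is worth an explicit guard. The handler begins outside this hunk.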
--- a/src/contexts/cli/cli.go +++ b/src/contexts/cli/cli.go @@ -6,7 +6,7 @@ import ( "encoding/csv" "encoding/json" "path" - "syscall" + // "syscall" "toolkit" "fmt" @@ -866,13 +866,13 @@ var Index = &ctx.Context{Name: "cli", Help: "管理中心", m.Append("lookups", mem.Lookups) m.Append("objects", mem.HeapObjects) - sys := &syscall.Sysinfo_t{} - syscall.Sysinfo(sys) - - m.Append("total", kit.FmtSize(uint64(sys.Totalram))) - m.Append("free", kit.FmtSize(uint64(sys.Freeram))) - m.Append("mper", fmt.Sprintf("%d%%", sys.Freeram*100/sys.Totalram)) - + // sys := &syscall.Sysinfo_t{} + // syscall.Sysinfo(sys) + // + // m.Append("total", kit.FmtSize(uint64(sys.Totalram))) + // m.Append("free", kit.FmtSize(uint64(sys.Freeram))) + // m.Append("mper", fmt.Sprintf("%d%%", sys.Freeram*100/sys.Totalram)) + // m.Table() }}, "windows": &ctx.Command{Name: "windows", Help: "windows", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) { diff --git a/src/contexts/web/web.go b/src/contexts/web/web.go index d7e6905c..df3aa614 100644 --- a/src/contexts/web/web.go +++ b/src/contexts/web/web.go @@ -342,6 +342,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", "key": &ctx.Config{Name: "key", Value: "etc/key.pem", Help: "密钥"}, "login_right": &ctx.Config{Name: "login_right", Value: "1", Help: "登录认证"}, + "login_cmd": &ctx.Config{Name: "login_cmd", Value: "1", Help: "登录认证"}, "login_lark": &ctx.Config{Name: "login_lark", Value: "false", Help: "会话认证"}, "cas_url": &ctx.Config{Name: "cas_url", Value: "", Help: "单点登录"}, "cas_uuid": &ctx.Config{Name: "cas_uuid", Value: "__tea_sdk__user_unique_id", Help: "单点登录"}, 
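Review bot: The `syscall.Sysinfo` block in src/contexts/cli/cli.go (`@@ -866,13 +866,13 @@`) is commented out rather than removed, which leaves dead code behind and silently drops the `total`, `free` and `mper` columns from the output. `syscall.Sysinfo` exists only on Linux, so if the aim is to build on other systems, move the call into a helper in a file guarded by a Linux build constraint and provide a stub elsewhere. When it is restored, check the error returned by `syscall.Sysinfo` and guard `sys.Totalram` against zero before the division.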
@@ -903,7 +904,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", sessid := m.Option("sessid") if !m.Sess("aaa").Cmd("auth", sessid, "ship", "ip").Results(0) { w := m.Optionv("response").(http.ResponseWriter) - sessid = m.Sess("aaa").Cmd("auth", "create", "web", "ship", "ip", m.Option("remote_ip")).Result(0) + sessid = m.Sess("aaa").Cmd("auth", "create", "session", "web", "ship", "ip", m.Option("remote_ip")).Result(0) http.SetCookie(w, &http.Cookie{Name: "sessid", Value: sessid, Path: "/"}) } @@ -1055,22 +1056,18 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", order := m.Option("componet_name") // 权限检查 + right := !m.Confs("login_right") username := m.Spawn().Cmd("session").Append("username") - right := group == "login" - if !right { - right = !m.Confs("login_right") - } - if !right { - right = m.Sess("aaa").Cmd("right", username, "check", group).Results(0) - } - if !right { - right = m.Sess("aaa").Cmd("right", "void", "check", group).Results(0) - } - if !right { - if lark := m.Find("web.chat.lark"); lark != nil && m.Confs("login_lark") { + if !right && m.Confs("login_lark") { + if lark := m.Find("web.chat.lark"); lark != nil { right = ctx.Right(lark.Cmd("auth", username, "check", m.Option("cmd")).Result(0)) } } + right = right || group == "login" + right = right || m.Sess("aaa").Cmd("auth", "follow", "username", username, "role", "root").Results(0) + right = right || m.Sess("aaa").Cmd("auth", "follow", "username", "void", "group", m.Option("componet_group")).Results(0) + right = right || m.Sess("aaa").Cmd("auth", "follow", "username", username, "group", m.Option("componet_group")).Results(0) + login_sso := right && m.Sess("aaa").Cmd("auth", "ship", "group", m.Option("componet_group"), "data", "sso").Results(0) // 工作空间 bench_share := "" 
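Review bot: The cookie written just below the changed line in `@@ -903,7 +904,7 @@`, `http.SetCookie(w, &http.Cookie{Name: "sessid", Value: sessid, Path: "/"})`, carries the session id without `HttpOnly`, `Secure` or `SameSite`, so page script can read it and it is also sent over plain HTTP. Since this hunk already touches session creation, set them here: `&http.Cookie{Name: "sessid", Value: sessid, Path: "/", HttpOnly: true, SameSite: http.SameSiteLaxMode}`, plus `Secure: true` when the server runs with its configured certificate. The guard `Cmd("auth", sessid, "ship", "ip")` appears to test only that the session has some `ip` node, not that it equals `m.Option("remote_ip")`; confirm whether binding to the current address is intended. The handler continues outside the hunk.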
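Review bot: The new `login_sso` line in `@@ -1055,22 +1056,18 @@` calls `auth ship group GROUP data sso` to read a flag, but judging from the aaa.go hunks in this patch the `ship` path creates the node when its hash is not yet in `auth`, so a lookup with a `componet_group` taken from the request can add entries to the auth store. Use a read-only query for this check, or validate the group name against the configured component groups before calling `auth`. The checks also mix the local `group` (`group == "login"`) with `m.Option("componet_group")`; if `group` is derived or defaulted outside this hunk the two can disagree, so use one source for all of them. A short comment above the chain listing the order of grants (`login_right` off, lark, `login` group, `root` role, `void` user, user group) would make the policy reviewable.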
@@ -1102,12 +1099,8 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", // 权限检查 order_right := right - if !order_right { - order_right = m.Sess("aaa").Cmd("right", username, "check", group, val["componet_name"]).Results(0) - } - if !order_right { - order_right = m.Sess("aaa").Cmd("right", "void", "check", group, val["componet_name"]).Results(0) - } + order_right = order_right || m.Sess("aaa").Cmd("auth", "follow", "username", "void", "cmd", val["componet_name"]).Results(0) + order_right = order_right || m.Sess("aaa").Cmd("auth", "follow", "username", username, "cmd", val["componet_name"]).Results(0) if !order_right { continue } @@ -1166,7 +1159,8 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", } } - if order != "" || (val["pre_run"] != nil && val["pre_run"].(bool)) { + pre_run, ok := val["pre_run"].(bool) + if (ok && pre_run) || order != "" { if val["componet_cmd"] != nil { // 记录命令列表 if len(bench) > 0 && bench_share != "protected" { @@ -1179,6 +1173,11 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", } // 执行命令 + if !pre_run && login_sso && + !m.Sess("aaa").Cmd("auth", "follow", "username", "void", "cmd", args[0]).Results(0) && + !m.Sess("aaa").Cmd("auth", "follow", "username", username, "cmd", args[0]).Results(0) { + continue + } msg.Cmd(args) // 生成下载链接 diff --git a/usr/template/code/code.tmpl b/usr/template/code/code.tmpl index 24b488dc..08bb4d58 100644 --- a/usr/template/code/code.tmpl +++ b/usr/template/code/code.tmpl @@ -108,6 +108,9 @@ font-size:14px; overflow: auto; } + table.append tr:hover { + background-color:lightgreen; + } table.append th { font-family:monospace; background-color:lightgreen;
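Review bot: In the `@@ -1179,6 +1173,11 @@` hunk the per-command check runs only when `login_sso` is true and `pre_run` is false, so for a group without the `sso` data flag every `args` value reaches `msg.Cmd(args)` once the group-level `right` has passed. If that default is intended, document it next to the condition; otherwise apply the `cmd` check regardless of the flag. The check also sits after the `// 记录命令列表` step of the preceding hunk, so a denied command may already have been recorded before `continue`, and the denial itself is not logged; `m.Log("info", "cmd denied: %s %s", username, args[0])` before `continue` would leave an audit trail. `args[0]` is indexed with no length check visible in the hunk.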