diff --git a/etc/init.shy b/etc/init.shy index 22befc20..3f6cbd5e 100644 --- a/etc/init.shy +++ b/etc/init.shy @@ -1,9 +1,9 @@ ~ssh remote listen :9090 ~aaa - user root shy shy + role tech componet index command source + user tech shy shy ~web serve ~aaa - user root shy shy diff --git a/src/contexts/aaa/aaa.go b/src/contexts/aaa/aaa.go index 1824d5dd..dfcf2a4a 100644 --- a/src/contexts/aaa/aaa.go +++ b/src/contexts/aaa/aaa.go @@ -531,6 +531,11 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", case 1: m.Auto("username", "username", "查看用户") m.Auto("userrole", "userrole", "查看角色") + m.Auto("bench", "bench", "查看空间") + m.Auto("ip", "ip", "查看设备") + m.Cmd("aaa.auth", arg[0], "ship", "username").Table(func(node map[string]string) { + m.Auto(node["meta"], node["type"], node["create_time"]) + }) } return true }, 
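Review bot: In etc/init.shy the added `user tech shy shy` line keeps a fixed, repeated credential in the startup script, next to `remote listen :9090`. If the trailing fields are the password, every deployment starts with the same known secret. Replacing `root` with a `tech` role limited to `componet index command source` narrows what the account can do, but the secret itself should come from deployment-specific configuration or be forced to change on first start. At minimum, add a comment on that line saying the password must be replaced before the listener is exposed.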
@@ -543,108 +548,131 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", case 2: switch arg[1] { - case "username": - m.Cmd("aaa.auth", arg[0], "ship", "username").CopyTo(m, "append").Table() + case "username", "ip", "bench": + m.Cmd("aaa.auth", arg[0], "ship", arg[1]).CopyTo(m, "append").Table() + case "userrole": - for _, user := range m.Cmd("aaa.auth", arg[0], "ship", "username").Meta["meta"] { - msg := m.Cmd("aaa.user", user) - for _, role := range msg.Meta["meta"] { - m.Log("fuck", "what %v", user) - m.Add("append", "username", user) - m.Add("append", "userrole", role) - } - } + m.Cmd("aaa.auth", arg[0], "ship", "username").Table(func(user map[string]string) { + m.Cmd("aaa.user", user).Table(func(role map[string]string) { + m.Add("append", "username", user["meta"]) + m.Add("append", "userrole", role["meta"]) + }) + }) m.Table() + default: m.Cmd("aaa.auth", arg[0], "ship", "username", arg[1], "userrole").CopyTo(m, "append").Table() } + case 3: + m.Cmdy("aaa.auth", "ship", "session", arg[0], arg[1], arg[2]) + case 4: - if arg[0] == "create" { - m.Cmdy("aaa.auth", "ship", "session", arg[1], arg[2], arg[3]) - break - } m.Cmdy("aaa.auth", arg[0], "ship", "username", arg[1], arg[2], arg[3]) } return }}, - "work": &ctx.Command{Name: "work [sessid create|select]|[benchid] [right [userrole [componet name [command name [argument name]]]]]", Help: "工作任务", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) { - if len(arg) == 0 { - m.Cmdy("aaa.auth", "ship", "bench") - return - } + "work": &ctx.Command{Name: "work [sessid create|select]|[benchid] [right [userrole [componet name [command name [argument name]]]]]", Help: "工作任务", + Auto: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (goon bool) { + switch len(arg) { + case 0: + Auto(m, "ship", "bench") + Auto(m, "ship", "session") + default: + switch m.Conf("auth", []string{arg[0], "type"}) { + case "session": + if len(arg) == 1 { + m.Auto("create", "create", "创建空间") + 
m.Auto("select", "select", "查找空间") + } else { - bid := "" - switch m.Conf("auth", []string{arg[0], "type"}) { - case "session": - if len(arg) == 1 { - m.Confm("auth", []string{arg[0], "ship"}, func(key string, ship map[string]interface{}) { - m.Add("append", "key", key) - m.Add("append", "type", ship["type"]) - m.Add("append", "meta", ship["meta"]) - m.Add("append", "create_time", ship["create_time"]) - }) - m.Table() - return - } - switch arg[1] { - case "create": - bid, arg = m.Cmdx("aaa.auth", arg[0], "ship", "bench", arg[2]), arg[3:] - m.Cmd("aaa.auth", bid, "data", "name", "web") - defer func() { m.Set("result").Echo(bid) }() - case "select": - m.Cmd("aaa.auth", arg[0], "ship", "bench").Table(func(maps map[string]string, list []string, line int) bool { - if strings.Contains(maps["meta"], arg[2]) || strings.HasPrefix(maps["key"], arg[2]) || strings.HasSuffix(maps["key"], arg[2]) { - bid = maps["key"] - return false } - return true - }) - arg = arg[3:] - case "delete": + case "bench": + if len(arg) == 1 { + m.Auto("delete", "delete", "删除空间") + m.Auto("rename", "rename", "命名空间") + m.Auto("right", "right [username [componet [command]]]", "权限检查") + } else { + } + default: + m.Auto("invalid id") + } } - case "bench": - bid, arg = arg[0], arg[1:] - default: - return - } - - if len(arg) == 0 { - m.Echo(bid) - return - } - - switch arg[0] { - case "delete": - m.Cmd("aaa.auth", bid, "delete", "node") - case "rename": - m.Cmd("aaa.auth", bid, "data", "name", arg[1]) - case "right": - if arg[1] == "root" { - m.Echo("true") + return true + }, + Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) { + if len(arg) == 0 { + m.Cmdy("aaa.auth", "ship", "bench") return } - if len(arg) >= 6 { - if m.Cmds("aaa.auth", bid, "ship", "check", arg[5]) { - m.Echo("true") - } else if cid := m.Cmdx("aaa.auth", bid, "ship", "userrole", arg[1], "componet", arg[3], "check", arg[5]); kit.Right(cid) { - m.Cmd("aaa.auth", bid, cid) - m.Echo("true") + bid := "" + 
switch m.Conf("auth", []string{arg[0], "type"}) { + case "session": + if len(arg) == 1 { + m.Confm("auth", []string{arg[0], "ship"}, func(key string, ship map[string]interface{}) { + m.Add("append", "key", key) + m.Add("append", "type", ship["type"]) + m.Add("append", "meta", ship["meta"]) + m.Add("append", "create_time", ship["create_time"]) + }) + m.Table() + return } - } else if len(arg) >= 4 { - if m.Cmds("aaa.auth", bid, "ship", "check", arg[3]) { - m.Echo("true") - } else if cid := m.Cmdx("aaa.auth", bid, "ship", "userrole", arg[1], "check", arg[3]); kit.Right(cid) { - m.Cmd("aaa.auth", bid, cid) - m.Echo("true") + switch arg[1] { + case "create": + bid, arg = m.Cmdx("aaa.auth", arg[0], "ship", "bench", arg[2]), arg[3:] + m.Cmd("aaa.auth", bid, "data", "name", "web") + defer func() { m.Set("result").Echo(bid) }() + case "select": + m.Cmd("aaa.auth", arg[0], "ship", "bench").Table(func(node map[string]string) { + if strings.Contains(node["meta"], arg[2]) || strings.HasPrefix(node["key"], arg[2]) || strings.HasSuffix(node["key"], arg[2]) { + bid = node["key"] + } + }) + arg = arg[3:] } + case "bench": + bid, arg = arg[0], arg[1:] + default: + return } - default: - m.Cmdx("aaa.auth", bid, "data", arg) - } - return - }}, + + if len(arg) == 0 { + m.Echo(bid) + return + } + + switch arg[0] { + case "delete": + m.Cmd("aaa.auth", bid, "delete", "node") + case "rename": + m.Cmd("aaa.auth", bid, "data", "name", arg[1]) + case "right": + m.Cmd("aaa.auth", "ship", "username", arg[1], "userrole").Table(func(node map[string]string) { + if node["meta"] == "root" { + m.Echo("true") + } else if len(arg) >= 4 { + if m.Cmds("aaa.auth", bid, "ship", "check", arg[3]) { + m.Echo("true") + } else if cid := m.Cmdx("aaa.auth", "ship", "userrole", node["meta"], "componet", arg[2], "check", arg[3]); kit.Right(cid) { + m.Cmd("aaa.auth", bid, cid) + m.Echo("true") + } + } else if len(arg) >= 3 { + if m.Cmds("aaa.auth", bid, "ship", "check", arg[2]) { + m.Echo("true") + } else if cid := 
m.Cmdx("aaa.auth", "ship", "userrole", node["meta"], "check", arg[2]); kit.Right(cid) { + m.Cmd("aaa.auth", bid, cid) + m.Echo("true") + } + } + }) + default: + m.Cmdx("aaa.auth", bid, arg) + } + return + }}, "login": &ctx.Command{Name: "login [sessid]|[username password]", Form: map[string]int{"ip": 1, "openid": 1, "cert": 1, "pub": 1, "key": 1}, diff --git a/src/contexts/ctx/ctx_init.go b/src/contexts/ctx/ctx_init.go index 899976ee..7aad4474 100644 --- a/src/contexts/ctx/ctx_init.go +++ b/src/contexts/ctx/ctx_init.go @@ -529,11 +529,14 @@ var Index = &Context{Name: "ctx", Help: "模块中心", Server: &CTX{}, switch action { case "cmd": - if m.Options("sso_bench") && m.Options("sso_username") && - !m.Cmds("aaa.work", m.Option("sso_bench"), "right", m.Option("sso_username"), "componet", "source", "command", arg[0]) { + m.Log("fuck", "what %v", m.Option("bench")) + m.Log("fuck", "what %v", m.Option("username")) - m.Log("info", "sso check %v: %v failure", m.Option("sso_componet"), m.Option("sso_command")) - m.Echo("error: ").Echo("no right [%s: %s %s]", m.Option("sso_componet"), m.Option("sso_command"), arg[0]) + if m.Options("bench") && m.Options("username") && + !m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("username"), "source", arg[0]) { + + m.Log("info", "check %v: %v failure", m.Option("componet"), arg[0]) + m.Echo("error: ").Echo("no right [%s: %s]", m.Option("componet"), arg[0]) break } diff --git a/src/contexts/ctx/ctx_type.go b/src/contexts/ctx/ctx_type.go index fa3319e8..822d4af4 100644 --- a/src/contexts/ctx/ctx_type.go +++ b/src/contexts/ctx/ctx_type.go 
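Review bot: In the `right` branch of `work`, the shortcut `m.Cmds("aaa.auth", bid, "ship", "check", arg[3])` (and its `arg[2]` variant) is keyed only on the bench and the command, not on `arg[1]` or `node["meta"]`, and it runs inside the per-role callback. Once `m.Cmd("aaa.auth", bid, cid)` has linked a check to the bench for one user, it looks as though any username with at least one role row gets `true` for that command on the same bench; please confirm how benches are shared, or resolve the role grant (`"ship", "userrole", node["meta"], ...`) first and keep the bench link only as a record. Because the callback runs once per role, `m.Echo("true")` can be emitted several times, so the result is better collected in a local flag and echoed once after `Table` returns. `right` and `rename` read `arg[1]` without a length check, and in the `userrole` listing `m.Cmd("aaa.user", user)` passes the whole row map where the removed code passed the username, which is now `user["meta"]`.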
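Review bot: The right check in `case "cmd"` is skipped whenever `bench` or `username` is empty, because the condition is `m.Options("bench") && m.Options("username") && !m.Cmds("aaa.work", ...)`. After the rename from `sso_bench`/`sso_username` to these generic option names, confirm that both are always set by the server for every caller that must be restricted, or deny when either is missing. The per-command filter in web.go (`if m.Options("bench") && !m.Cmds("web.session", "check", ...)`) has the same shape. The two `m.Log("fuck", "what %v", ...)` lines added here and the one added at the top of `pwd` in nfs.go look like leftover debugging: they write the bench, username and a call stack to the log on every invocation and should be removed before merge. The enclosing `switch action` continues outside the hunk.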
@@ -840,11 +840,26 @@ func (m *Message) Appendv(key string, arg ...interface{}) interface{} { } return nil } -func (m *Message) Table(cbs ...func(maps map[string]string, list []string, line int) (goon bool)) *Message { +func (m *Message) Table(cbs ...interface{}) *Message { if len(m.Meta["append"]) == 0 { return m } + if len(cbs) > 0 { + switch cb := cbs[0].(type) { + case func(map[string]string): + nrow := len(m.Meta[m.Meta["append"][0]]) + line := map[string]string{} + for i := 0; i < nrow; i++ { + for _, k := range m.Meta["append"] { + line[k] = m.Meta[k][i] + } + cb(line) + } + return m + } + } + //计算列宽 depth, width := 0, map[string]int{} for _, k := range m.Meta["append"] { @@ -862,7 +877,7 @@ func (m *Message) Table(cbs ...func(maps map[string]string, list []string, line space := m.Confx("table_space") var cb func(maps map[string]string, list []string, line int) (goon bool) if len(cbs) > 0 { - cb = cbs[0] + cb = cbs[0].(func(maps map[string]string, list []string, line int) (goon bool)) } else { row := m.Confx("table_row_sep") col := m.Confx("table_col_sep") diff --git a/src/contexts/log/log.go b/src/contexts/log/log.go index f2ae3a90..11b5598f 100644 --- a/src/contexts/log/log.go +++ b/src/contexts/log/log.go @@ -138,6 +138,10 @@ var Index = &ctx.Context{Name: "log", Help: "日志中心", "cli": map[string]interface{}{ "cmd": map[string]interface{}{"value": map[string]interface{}{"file": "debug.log", "meta": []interface{}{"time", "ship"}, "color_begin": "\033[31m", "color_end": "\033[0m"}}, }, + "aaa": map[string]interface{}{ + // "auth": map[string]interface{}{"value": map[string]interface{}{"file": "debug.log", "meta": []interface{}{"time", "ship"}, "color_begin": "\033[31m", "color_end": "\033[0m"}}, + // "hash": map[string]interface{}{"value": map[string]interface{}{"file": "debug.log", "meta": []interface{}{"time", "ship"}, "color_begin": "\033[31m", "color_end": "\033[0m"}}, + }, }, }, Help: "日志输出配置"}, }, 
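Review bot: The new `func(map[string]string)` path in `Table` takes `nrow` from the first column only and then reads `m.Meta[k][i]` for every column, so any column shorter than the first panics with an index out of range. The width pass just below appears to compute a `depth` across columns, which suggests uneven columns can occur. A guard such as `if i < len(m.Meta[k]) { line[k] = m.Meta[k][i] } else { line[k] = "" }` avoids the panic. The same `line` map is reused for every row, so a doc comment on `Table` should state that callbacks must not retain it. `Table` continues outside the hunk.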
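Review bot: `cb = cbs[0].(func(maps map[string]string, list []string, line int) (goon bool))` is an unchecked type assertion. Since the parameter is now `...interface{}`, the compiler no longer rejects a callback of the wrong shape, so a mistyped callback becomes a runtime panic in whichever request reaches it. Use the comma-ok form, `if f, ok := cbs[0].(func(map[string]string, []string, int) bool); ok { cb = f }`, and fall back to the default renderer (or log the unsupported type) when it does not match. Alternatively, handle this signature as a second case in the type switch added at the top of `Table`.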
diff --git a/src/contexts/nfs/nfs.go b/src/contexts/nfs/nfs.go index f60611d4..9a13e18d 100644 --- a/src/contexts/nfs/nfs.go +++ b/src/contexts/nfs/nfs.go @@ -1061,6 +1061,7 @@ var Index = &ctx.Context{Name: "nfs", Help: "存储中心", }, Commands: map[string]*ctx.Command{ "pwd": &ctx.Command{Name: "pwd [all] | [[index] path] ", Help: "工作目录,all: 查看所有, index path: 设置路径, path: 设置当前路径", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) { + m.Log("fuck", "what %v", m.Format("stack", "chain")) if len(arg) > 0 && arg[0] == "all" { m.Cmdy("nfs.config", "paths") return diff --git a/src/contexts/web/web.go b/src/contexts/web/web.go index 9f060e9d..42d46856 100644 --- a/src/contexts/web/web.go +++ b/src/contexts/web/web.go @@ -19,6 +19,7 @@ import ( "runtime" "strings" "time" + "toolkit" ) type MUX interface { @@ -132,8 +133,8 @@ func Merge(m *ctx.Message, uri string, arg ...string) string { } func (web *WEB) Login(msg *ctx.Message, w http.ResponseWriter, r *http.Request) bool { - if msg.Confs("cas_url") { - if !cas.IsAuthenticated(r) && !msg.Confs("skip_cas") { + if msg.Confs("cas_url") && !msg.Confs("skip_cas") { + if !cas.IsAuthenticated(r) { r.URL, _ = r.URL.Parse(r.Header.Get("index_url")) cas.RedirectToLogin(w, r) return false 
@@ -146,28 +147,21 @@ func (web *WEB) Login(msg *ctx.Message, w http.ResponseWriter, r *http.Request) } if msg.Options("ticket") { + msg.Option("uuid", msg.Option(msg.Conf("cas_uuid"))) msg.Option("username", cas.Username(r)) if lark := msg.Find("web.chat.lark"); lark != nil { msg.Option("username", lark.Cmdx("user", msg.Option("email"), "id")) } - msg.Option("uuid", msg.Option(msg.Conf("cas_uuid"))) - msg.Option("sessid", msg.Spawn().Cmd("session", "uuid").Result(0)) - uri, _ := r.URL.Parse(r.Header.Get("index_url")) - redirect := uri.Path - if b := uri.Query().Get("bench"); b != "" { - redirect += "?bench=" + b - } - http.Redirect(w, r, redirect, http.StatusTemporaryRedirect) + http.SetCookie(w, &http.Cookie{Name: "sessid", Value: msg.Cmdx("web.session", "login", "uuid"), Path: "/"}) + http.Redirect(w, r, merge(msg, r.Header.Get("index_url"), "ticket", ""), http.StatusTemporaryRedirect) return false } } else if msg.Options("username") && msg.Options("password") { - if sessid := msg.Spawn().Cmd("session", "password").Result(0); sessid != "" { - msg.Option("sessid", sessid) - msg.Option("password", "") + if sessid := msg.Cmd("web.session", "login", "password").Result(0); sessid != "" { + http.SetCookie(w, &http.Cookie{Name: "sessid", Value: msg.Option("sessid", sessid), Path: "/"}) } else { w.WriteHeader(http.StatusUnauthorized) - msg.Option("username", "") } return false } @@ -401,7 +395,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", "cert": &ctx.Config{Name: "cert", Value: "etc/cert.pem", Help: "证书"}, "key": &ctx.Config{Name: "key", Value: "etc/key.pem", Help: "密钥"}, - "login_right": &ctx.Config{Name: "login_right", Value: "1", Help: "登录认证"}, + "login_check": &ctx.Config{Name: "login_check", Value: "1", Help: "登录认证"}, "sess_void": &ctx.Config{Name: "sess_void", Value: "0", Help: "匿名会话"}, "cas_url": &ctx.Config{Name: "cas_url", Value: "", Help: "单点登录"}, "cas_uuid": &ctx.Config{Name: "cas_uuid", Value: "email", Help: "单点登录"}, 
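Review bot: Both `http.SetCookie` calls added in `Login` create the `sessid` cookie with only `Name`, `Value` and `Path`, so the session identifier is readable from page script and is sent over plain HTTP and on cross-site requests. Set `HttpOnly: true`, `SameSite: http.SameSiteLaxMode`, and `Secure: true` when the server is serving TLS. In the ticket branch the cookie is written and the redirect issued even if `msg.Cmdx("web.session", "login", "uuid")` returns an empty string. The redirect target is now the whole `index_url` request header passed through `merge` rather than the parsed path, so confirm that this header cannot be set by the client. The password branch also no longer clears `password` (or `username` on failure) from the message options, which the removed lines did; `Login` starts and ends outside the hunk.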
@@ -973,28 +967,45 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", } return }}, - "session": &ctx.Command{Name: "session [secrete]", Help: "用户登录", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) { - sessid := m.Option("sessid") - if sessid == "" || !m.Cmds("aaa.sess", sessid) { - if !m.Confs("sess_void") && !m.Options("username") { - return - } - - // 创建会话 - sessid = m.Cmdx("aaa.sess", "create", "web", "ip", m.Option("remote_ip")) - http.SetCookie(m.Optionv("response").(http.ResponseWriter), &http.Cookie{Name: "sessid", Value: sessid, Path: "/"}) - } - - if len(arg) > 0 { // 用户认证 - if m.Options("username") && m.Options(arg[0]) && m.Cmds("aaa.sess", sessid, m.Option("username"), arg[0], m.Option(arg[0])) { - m.Echo(sessid) - } + "session": &ctx.Command{Name: "session [login secrete] bench [check [componet [command]]]", Help: "用户登录", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) { + if len(arg) == 0 { return } - // 用户角色 - m.Cmd("aaa.sess", m.Option("sessid"), "userrole").CopyTo(m, "append") - m.Log("info", "username: %v userrole: %v", m.Meta["username"], m.Meta["userrole"]) + username := m.Option("username") + sessid := m.Option("sessid") + + switch arg[0] { + case "login": + if len(arg) == 1 { + m.Echo(m.Cmd("aaa.sess", sessid, "username").Append("meta")) + break + } + + if username == "" || !m.Options(arg[1]) { + break + } + if sessid == "" || !m.Cmds("aaa.sess", sessid) { + sessid = m.Cmdx("aaa.sess", "web", "ip", m.Option("remote_ip")) + } + if m.Cmds("aaa.sess", sessid, m.Option("username"), arg[1], m.Option(arg[1])) { + m.Echo(sessid) + } + + case "bench": + if len(arg) == 1 { + bench := m.Option("bench") + if bench == "" || !m.Cmds("aaa.work", bench) { // 创建空间 + bench = m.Cmdx("aaa.work", sessid, "create", "web") + } + m.Echo(bench) + break + } + m.Cmd("aaa.work", arg[1:]) + + case "check": + m.Echo(m.Cmdx("aaa.work", arg[1], "right", arg[2:])) + } return }}, "bench": &ctx.Command{Name: 
"bench", Help: "任务列表", Form: map[string]int{"view": 1}, Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) { 
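Review bot: In `session login`, a `sessid` that arrives with the request and already passes `m.Cmds("aaa.sess", sessid)` is kept and then bound to the user, so the session identifier is not rotated at authentication. Creating a fresh one unconditionally before the credential check (`sessid = m.Cmdx("aaa.sess", "web", "ip", m.Option("remote_ip"))`) closes that gap. `case "check"` reads `arg[1]` without checking `len(arg)`, so `session check` with no further arguments panics; add `if len(arg) < 2 { break }`. In `case "bench"` the bench taken from the request is accepted as soon as `aaa.work` knows it, without comparing it against the benches of `sessid`; please confirm that against how bench ids are shared.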
@@ -1119,35 +1130,24 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", tmpl.ParseGlob(path.Join(m.Conf("template_dir"), m.Conf("template_sub"), "/*.tmpl")) } - // 响应模板 - group, order, right := m.Option("componet_group", m.Confx("componet_group")), m.Option("componet_name"), m.Options("right", !m.Confs("componet", "login")) + if m.Confs("login_check") { + if m.Option("username", m.Cmdx("web.session", "login")) == "" { // 没有登录 + m.Set("option", "componet_group", "login").Set("option", "componet_name", "").Set("option", "bench", "") - // 会话检查 - if right || m.Options("right", !m.Confs("login_right")) { - m.Log("info", "no limit") // 禁用权限 - } else if userrole := m.Option("userrole", m.Cmd("web.session").Append("userrole")); userrole == "" { // 用户登录 - m.Log("info", "no user") - group, order, right = m.Option("componet_group", "login"), m.Option("componet_name", ""), m.Options("right", true) - if m.Options("bench") && !m.Cmds("aaa.work", m.Option("bench")) { - m.Log("info", "no work") - m.Append("redirect", merge(m, m.Option("index_url"), "bench", "")) + } else if bench := m.Cmdx("web.session", "bench"); bench == "" { // 没有空间 + m.Set("option", "componet_group", "login").Set("option", "componet_name", "").Set("option", "bench", "") + + } else if !m.Cmds("web.session", "check", bench, m.Option("username"), m.Confx("componet_group")) { // 没有权限 + m.Set("option", "componet_group", "login").Set("option", "componet_name", "").Set("option", "bench", "") + + } else if bench != m.Option("bench") { // 没有匹配 + m.Append("redirect", merge(m, m.Option("index_url"), "bench", bench)) return } - } else if group == "login" { // 登录成功 - m.Log("info", "no login") - return - } else if !m.Options("bench") || !m.Cmds("aaa.work", m.Option("bench")) { // 创建空间 - m.Append("redirect", merge(m, m.Option("index_url"), "bench", m.Cmdx("aaa.work", m.Option("sessid"), "create", "web"))) - return - } else if !m.Options("right", m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("userrole"), 
"componet", m.Option("componet_group"))) { // 没有权限 - group, order = m.Option("componet_group", "login"), m.Option("componet_name", "") - } else { //n访问成功 - m.Cmd("aaa.auth", m.Option("bench"), "data", "access_time", m.Time()) - // m.Optionv("session", m.Confv("auth", []string{m.Option("sessid")})) - // m.Optionv("bench_data", m.Confv("auth", []string{m.Option("bench"), "data"})) } - m.Log("info", "json: %v group: %v order: %v userrole: %v right: %v", accept_json, group, order, m.Option("userrole"), m.Option("right")) + // 响应模板 + group, order := m.Option("componet_group", m.Confx("componet_group")), m.Option("componet_name") for _, v := range m.Confv("componet", group).([]interface{}) { val := v.(map[string]interface{}) @@ -1175,7 +1175,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", } // 权限检查 - if m.Options("bench") && !m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("userrole"), "componet", m.Option("componet_group"), "command", args[0]) { + if m.Options("bench") && !m.Cmds("web.session", "check", m.Option("bench"), m.Option("username"), m.Option("componet_group"), args[0]) { continue } 
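Review bot: The three denial branches under `login_check` (not logged in, no bench, no right) all silently reset the options to the login group. The removed code logged `no user` / `no work` plus the resolved group, user role and right, so failed or unauthorized access to a component no longer shows up in the logs. Add an `m.Log("info", ...)` to each branch naming the reason, the username and the requested group, e.g. `m.Log("info", "check %v: %v failure", m.Option("username"), m.Confx("componet_group"))`. The `access_time` update on the bench was also dropped; if anything uses it for idle-bench cleanup, it should be restored.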
@@ -1206,20 +1206,13 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", } // 执行命令 - if pre_run, _ := val["pre_run"].(bool); pre_run || order != "" { - msg.Option("sso_bench", m.Option("bench")) - msg.Option("sso_username", m.Option("username")) - msg.Cmd(args) - - if m.Options("bench") { - name_alias := "action." + msg.Option("componet_name") - if msg.Options("componet_name_alias") { - name_alias = "action." + msg.Option("componet_name_alias") - } + if order != "" || kit.Right(val["pre_run"]) { + if msg.Cmd(args); m.Options("bench") { + name_alias := "action." + kit.Select(msg.Option("componet_name"), msg.Option("componet_name_alias")) msg.Put("option", name_alias, map[string]interface{}{ - "action_time": msg.Time(), "order": m.Option("componet_name_order"), "cmd": args, - }).Cmd("aaa.auth", m.Option("bench"), "data", "option", name_alias, "modify_time", msg.Time()) + "cmd": args, "order": m.Option("componet_name_order"), "action_time": msg.Time(), + }).Cmd("web.session", "bench", m.Option("bench"), "data", "option", name_alias, "modify_time", msg.Time()) } } } else {
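Review bot: The record written to the bench for each executed command holds `cmd`, `order` and `action_time` but not who ran it, and the `sso_username` option that used to travel with the call is gone. If a bench can be used by more than one user, this leaves the history without an actor. Adding `"username": m.Option("username")` to the map passed to `msg.Put` keeps each entry attributable. The write now goes through `web.session bench`, which forwards `arg[1:]` to `aaa.work` unchanged, so it relies on `m.Option("bench")` having been validated earlier in the handler.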