From 611fc9efc77592281e6540d9ed85909487aa37a6 Mon Sep 17 00:00:00 2001
From: shaoying
Date: Thu, 27 Dec 2018 23:50:59 +0800
Subject: [PATCH] opt aaa.session
Change-Id: I4d50aa354b1f06e9ef971a7233513e82ae081fec
---
 src/contexts/aaa/aaa.go | 20 +++++++++++++-------
 src/contexts/web/web.go | 21 +++++++++++++++------
 usr/librarys/code.js | 2 +-
 3 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/src/contexts/aaa/aaa.go b/src/contexts/aaa/aaa.go
index 3348413e..776fbca3 100644
--- a/src/contexts/aaa/aaa.go
+++ b/src/contexts/aaa/aaa.go
@@ -112,11 +112,12 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 "nuser": &ctx.Cache{Name: "nuser", Value: "0", Help: "用户数量"},
 },
 Configs: map[string]*ctx.Config{
- "session": &ctx.Config{Name: "session", Value: map[string]interface{}{}, Help: "私钥文件"},
- "expire": &ctx.Config{Name: "expire(s)", Value: "72000", Help: "会话超时"},
- "cert": &ctx.Config{Name: "cert", Value: "etc/pem/cert.pem", Help: "证书文件"},
- "pub": &ctx.Config{Name: "pub", Value: "etc/pem/pub.pem", Help: "公钥文件"},
- "key": &ctx.Config{Name: "key", Value: "etc/pem/key.pem", Help: "私钥文件"},
+ "secrete_key": &ctx.Config{Name: "secrete_key", Value: map[string]interface{}{"password": 1, "uuid": 1}, Help: "私钥文件"},
+ "session": &ctx.Config{Name: "session", Value: map[string]interface{}{}, Help: "私钥文件"},
+ "expire": &ctx.Config{Name: "expire(s)", Value: "72000", Help: "会话超时"},
+ "cert": &ctx.Config{Name: "cert", Value: "etc/pem/cert.pem", Help: "证书文件"},
+ "pub": &ctx.Config{Name: "pub", Value: "etc/pem/pub.pem", Help: "公钥文件"},
+ "key": &ctx.Config{Name: "key", Value: "etc/pem/key.pem", Help: "私钥文件"},
 },
 Commands: map[string]*ctx.Command{
 "session": &ctx.Command{Name: "session create", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) {
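Review bot: The new `secrete_key` entry in aaa.go's `Configs` reuses the help text `私钥文件` (private key file) that belongs to `key`, so the config listing does not say what this map is for. Judging by the second aaa.go hunk, it is the set of credential types (`password`, `uuid`) whose values are hashed before they are stored, and the help text should say so. The key is also misspelled; renaming it to `secret_key` is cheapest now, while the only reader visible in this patch is the added `m.Confv("secrete_key", arg[i])` call. The `Configs` literal starts and ends outside the hunk.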
@@ -201,7 +202,12 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 return
 }
- h := Hash("%s%s: %s", condition, arg[i], arg[i+1])
+ value := arg[i+1]
+ if m.Confv("secrete_key", arg[i]) != nil {
+ value = Hash("%s", value)
+ }
+
+ h := Hash("%s%s: %s", condition, arg[i], value)
 if sess := m.Confv("session", h); sess == nil {
 // 节点认证
 if arg[i] == "password" {
@@ -215,7 +221,7 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 }
 // 创建节点
- m.Confv("session", h, map[string]interface{}{"create_time": time.Now().Unix(), "type": arg[i], "meta": arg[i+1]})
+ m.Confv("session", h, map[string]interface{}{"create_time": time.Now().Unix(), "type": arg[i], "meta": value})
 chain = append(chain, map[string]string{"node": h, "hash": p, "level": "0", "type": t})
 }
diff --git a/src/contexts/web/web.go b/src/contexts/web/web.go
index d5bb94b0..b2e6b310 100644
--- a/src/contexts/web/web.go
+++ b/src/contexts/web/web.go
@@ -98,7 +98,9 @@ func (web *WEB) HandleCmd(m *ctx.Message, key string, cmd *ctx.Command) {
 msg.Option("index_url", r.Header.Get("index_url"))
 msg.Option("remote_addr", r.RemoteAddr)
- if ip := r.Header.Get("X-Real-Ip"); ip != "" {
+ if ip := r.Header.Get("X-Forwarded-For"); ip != "" {
+ msg.Option("remote_ip", ip)
+ } else if ip := r.Header.Get("X-Real-Ip"); ip != "" {
 msg.Option("remote_ip", ip)
 } else {
 msg.Option("remote_ip", strings.Split(r.RemoteAddr, ":"))
@@ -140,12 +142,12 @@ func (web *WEB) HandleCmd(m *ctx.Message, key string, cmd *ctx.Command) {
 }
 msg.Option("username", cas.Username(r))
- msg.Option("password", cas.Username(r))
 for k, v := range cas.Attributes(r) {
 for _, val := range v {
 msg.Add("option", k, val)
 }
 }
+ msg.Option("uuid", msg.Option(m.Conf("cas_uuid")))
 }
 msg.Log("cmd", "%s [] %v", key, msg.Meta["option"])
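Review bot: In the `@@ -201,7 +202,12 @@` hunk of aaa.go, `value = Hash("%s", value)` is a single unsalted digest, and the next hunk stores that digest as `meta`. `Hash` is defined outside this patch, but if it is a fast general-purpose digest, equal passwords give equal `meta` values and a leaked session table can be tested against guessed passwords offline. A salted, deliberately slow password hash would require changing the lookup from hash-as-key to find-by-username-then-verify, which is more than this hunk should carry; until then I would record the limitation in place: `// Hash() is unsalted: treat stored meta for "password"/"uuid" as credential-equivalent`. The enclosing command handler starts and ends outside the hunk.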
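Review bot: Nodes written before this change are not touched by the `@@ -215,7 +221,7 @@` hunk of aaa.go: they still hold the raw `arg[i+1]` in `meta`, and they are keyed by a hash of the raw value, so the lookup added in the previous hunk will no longer find them. If the `session` config is persisted (not visible here), existing passwords stay in clear text in that store, and affected users fall into the node-missing branch at their next login. A one-off migration or purge of old `password` nodes should ship with this change, or the upgrade notes should say that stored sessions must be cleared.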
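Review bot: `X-Forwarded-For` is now taken as `remote_ip` in HandleCmd (the `@@ -98,7 +98,9 @@` hunk of web.go) whenever the header is present, and nothing in the hunk checks that the request came through a proxy that sets it. The header is client-supplied unless a fronting proxy overwrites or appends to it, and it may hold a comma-separated list, so any consumer of `remote_ip` (consumers are outside this patch) receives a value the caller can choose. I would honour the forwarding headers only when a config switch says a proxy is in front, and then take the right-most list entry, as sketched below; `trust_proxy` is a proposed new config key, not an existing one. The unchanged fallback splits `r.RemoteAddr` on `:`, which breaks for IPv6 peers and is worth fixing in the same place.

```go
// … unchanged: index_url / remote_addr options …
remoteIP := ""
if m.Confs("trust_proxy") { // proposed config key; leave off unless a proxy that rewrites these headers is in front
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		// with a single trusted proxy, the right-most entry is the peer that proxy saw;
		// longer trusted chains need their known hops skipped as well
		hops := strings.Split(xff, ",")
		remoteIP = strings.TrimSpace(hops[len(hops)-1])
	} else {
		remoteIP = r.Header.Get("X-Real-Ip")
	}
}
if remoteIP != "" {
	msg.Option("remote_ip", remoteIP)
} else {
	// … unchanged: fall back to r.RemoteAddr …
```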
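Review bot: The added `msg.Option("uuid", msg.Option(m.Conf("cas_uuid")))` in the `@@ -140,12 +142,12 @@` hunk of web.go reads the identifier back out of the message options instead of taking it from the CAS response. The attributes are appended with `msg.Add` just above, so if an option of that name was already present (for example from request parameters, which are populated outside this hunk), the lookup may return the caller's value rather than the one CAS asserted, and the `uuid` option is written even when the attribute is missing. Reading it from the source avoids both: `if ids := cas.Attributes(r)[m.Conf("cas_uuid")]; len(ids) > 0 { msg.Option("uuid", ids[0]) }`. Since `uuid` is used as a login credential further down in web.go, and the default attribute name looks like a tracking identifier rather than a secret, please also confirm it is not a value the browser can read or set.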
@@ -342,6 +344,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 "login_right": &ctx.Config{Name: "login_right", Value: "1", Help: "登录认证"},
 "login_lark": &ctx.Config{Name: "login_lark", Value: "false", Help: "会话认证"},
 "cas_url": &ctx.Config{Name: "cas_url", Value: "", Help: "单点登录"},
+ "cas_uuid": &ctx.Config{Name: "cas_uuid", Value: "__tea_sdk__user_unique_id", Help: "单点登录"},
 "toolkit": &ctx.Config{Name: "toolkit", Value: map[string]interface{}{
 "time": map[string]interface{}{
@@ -905,14 +908,20 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 http.SetCookie(w, &http.Cookie{Name: "sessid", Value: sessid, Path: "/"})
 }
- if m.Options("username") && m.Options("password") {
+ if m.Options("username") && m.Options("uuid") {
+ if !m.Sess("aaa").Cmd("session", sessid, "ship", "username", m.Option("username"), "uuid", m.Option("uuid")).Results(0) {
+ return
+ }
+ } else if m.Options("username") && m.Options("password") {
 if !m.Sess("aaa").Cmd("session", sessid, "ship", "username", m.Option("username"), "password", m.Option("password")).Results(0) {
 return
 }
 }
 for _, user := range m.Sess("aaa").Cmd("session", sessid, "ship", "username").Meta["meta"] {
- if m.Sess("aaa").Cmd("session", sessid, "ship", "username", user, "password").Results(0) {
+ if m.Sess("aaa").Cmd("session", sessid, "ship", "username", user, "uuid").Results(0) {
+ m.Add("append", "username", user)
+ } else if m.Sess("aaa").Cmd("session", sessid, "ship", "username", user, "password").Results(0) {
 m.Add("append", "username", user)
 }
 }
@@ -1061,7 +1070,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 }
 if !right {
 if lark := m.Find("web.chat.lark"); lark != nil && m.Confs("login_lark") {
- right = ctx.Right(lark.Cmd("auth", m.Option("username"), "check", m.Option("cmd")).Result(0))
+ right = ctx.Right(lark.Cmd("auth", username, "check", m.Option("cmd")).Result(0))
 }
 }
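Review bot: The new first branch in the `@@ -905,14 +908,20 @@` hunk of web.go accepts `username` plus `uuid` from the message options whenever both are present, without checking that the CAS block in HandleCmd was what set them. That makes `uuid` a full alternative to the password, and the aaa.go node-creation path shown in this patch only special-cases `password` when a node is missing, so please confirm that a `uuid` not previously bound to the user is rejected rather than registered. Gating the branch on CAS being configured would narrow it, e.g. `if m.Confs("cas_url") && m.Options("username") && m.Options("uuid") {`, assuming a non-empty `cas_url` is how CAS is switched on. The handler starts and ends outside the hunk.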
@@ -1069,7 +1078,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 bench_share := ""
 bench, ok := m.Confv("bench", m.Option("bench")).(map[string]interface{})
 if order == "" {
- if username == "" {
+ if !right && username == "" {
 group, order, right = "login", "", true
 } else {
 if right && !m.Confs("bench_disable") {
diff --git a/usr/librarys/code.js b/usr/librarys/code.js
index d0e8849c..10309aa2 100644
--- a/usr/librarys/code.js
+++ b/usr/librarys/code.js
@@ -212,7 +212,7 @@ function send_command(form, cb) {
 data[key] = form.dataset[key]
 }
 for (var i = 0; i < form.length; i++) {
- if form[i].name {
+ if (form[i].name) {
 data[form[i].name] = form[i].value
 }
 }
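Review bot: With `if !right && username == ""` in the `@@ -1069,7 +1078,7 @@` hunk of web.go, a request with no username is no longer sent to the `login` group when `right` is already true; it continues into the `else` branch guarded by `right && !m.Confs("bench_disable")`. Where `right` can become true for an anonymous request is decided above the hunk, so the condition deserves a comment naming that case, for example `// right may already be granted without a user (set above); only force login when it is not`. If no such case is intended, the old unconditional `username == ""` check is the safer default.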