opt aaa

Change-Id: I4b43856527cf690c8a7ab8e64ddbc11b482c3c1e

src/contexts/aaa/aaa.go

@@ -106,8 +106,9 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 		"nuser": &ctx.Cache{Name: "nuser", Value: "0", Help: "用户数量"},
 	},
 	Configs: map[string]*ctx.Config{
-		"hash": &ctx.Config{Name: "hash", Value: map[string]interface{}{}, Help: "散列"},
-		"auth": &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "散列"},
+		"hash":        &ctx.Config{Name: "hash", Value: map[string]interface{}{}, Help: "散列"},
+		"auth":        &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "散列"},
+		"auth_expire": &ctx.Config{Name: "auth_expire", Value: "10m", Help: "权限超时"},
 		"auth_type": &ctx.Config{Name: "auth_type", Value: map[string]interface{}{
 			"session":  map[string]interface{}{"unique": true},
 			"bench":    map[string]interface{}{"unique": true},
@@ -269,12 +270,15 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 
 				if node := m.Confm("auth", arg[i]); node != nil {
 					if i++; p != "" { // 添加链接
+						d, e := time.ParseDuration(m.Conf("auth_expire"))
+						m.Assert(e)
+						expire := time.Now().Add(d).Unix()
 						m.Confv("auth", []string{p, "ship", arg[i-1]}, map[string]interface{}{
-							"create_time": m.Time(), "type": node["type"], "meta": node["meta"], "ship": "4",
+							"create_time": m.Time(), "type": node["type"], "meta": node["meta"], "ship": "4", "expire_time": expire,
 						})
 
 						m.Confv("auth", []string{arg[i-1], "ship", p}, map[string]interface{}{
-							"create_time": m.Time(), "type": t, "meta": a, "ship": "5",
+							"create_time": m.Time(), "type": t, "meta": a, "ship": "5", "expire_time": expire,
 						})
 
 					}
@@ -335,6 +339,19 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 						return
 					}
 
+					if arg[i] == "check" {
+						has := "false"
+						m.Confm("auth", []string{p, "ship"}, func(k string, ship map[string]interface{}) {
+							if ship["meta"] == arg[i+1] {
+								if ship["expire_time"] == nil || ship["expire_time"].(int64) > time.Now().Unix() {
+									has = k
+								}
+							}
+						})
+						m.Set("result").Echo(has)
+						return
+					}
+
 					meta := []string{arg[i]}
 					if m.Confs("auth_type", []string{arg[i], "secrete"}) {
 						meta = append(meta, Password(arg[i+1])) // 加密节点
@@ -401,7 +418,7 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 						ps := []string{p}
 						for j := 0; j < len(ps); j++ {
 							if value := m.Confv("auth", []string{ps[j], "data", arg[i]}); value != nil {
-								m.Put("option", "data", value).Cmdy("ctx.trans", "data")
+								m.Set("append").Set("result").Put("option", "data", value).Cmdy("ctx.trans", "data")
 								break
 							}
 
@@ -441,15 +458,15 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 			case 3:
 				if arg[1] == "componet" {
 					m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2])
+				} else {
+					m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[1], "commond", arg[2])
 				}
 			case 4:
-			case 5:
-				if arg[1] == "componet" && arg[3] == "command" {
-					m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2], "command", arg[4])
-				}
 			default:
 				if arg[1] == "componet" && arg[3] == "command" {
-					m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2], "command", arg[4], arg[5:])
+					for _, v := range arg[4:] {
+						m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2], "command", v)
+					}
 				}
 			}
 		}},
@@ -556,28 +573,41 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
 			case "rename":
 				m.Cmd("aaa.auth", bid, "data", "name", arg[1])
 			case "right":
-				if len(arg) >= 6 {
-					m.Cmd("aaa.auth", bid, "ship", "command").Table(func(maps map[string]string, list []string, line int) bool {
-						if maps["meta"] == arg[5] {
-							m.Echo(maps["key"])
-							return false
-						}
+				m.Cmd("aaa.user", arg[1]).Table(func(maps map[string]string, list []string, line int) bool {
+					if line < 0 {
 						return true
-					})
-				} else if len(arg) >= 4 {
-					m.Cmd("aaa.auth", bid, "ship", "componet").Table(func(maps map[string]string, list []string, line int) bool {
-						if maps["meta"] == arg[3] {
-							m.Echo(maps["key"])
-							return false
-						}
-						return true
-					})
-				}
+					}
+
+					userrole := maps["meta"]
+					if userrole == "root" {
+						m.Echo("true")
+						return false
+					}
+
+					if len(arg) >= 6 {
+						if m.Cmds("aaa.auth", bid, "ship", "check", arg[5]) {
+							m.Echo("true")
+							return false
+						}
+						if cid := m.Cmdx("aaa.auth", bid, "ship", "userrole", userrole, "componet", arg[3], "check", arg[5]); ctx.Right(cid) {
+							m.Cmd("aaa.auth", bid, cid)
+							m.Echo("true")
+							return false
+						}
+					} else if len(arg) >= 4 {
+						if m.Cmds("aaa.auth", bid, "ship", "check", arg[3]) {
+							m.Echo("true")
+							return false
+						}
+						if cid := m.Cmdx("aaa.auth", bid, "ship", "userrole", userrole, "check", arg[3]); ctx.Right(cid) {
+							m.Cmd("aaa.auth", bid, cid)
+							m.Echo("true")
+							return false
+						}
+					}
+					return true
+				})
 
-				if cid := m.Cmdx("aaa.auth", "ship", "userrole", arg[1:]); cid != "" {
-					m.Cmd("aaa.auth", bid, cid)
-					m.Echo(cid)
-				}
 			default:
 				m.Cmdx("aaa.auth", bid, "data", arg)
 			}

src/contexts/ctx/ctx.go

@@ -1491,6 +1491,21 @@ func (m *Message) Confm(key string, args ...interface{}) map[string]interface{}
 	}
 	if len(args) > 1 {
 		switch fun := args[1].(type) {
+		case func(map[string]interface{}):
+			if value, ok := m.Confv(key, args[0]).(map[string]interface{}); ok {
+				fun(value)
+			}
+			return nil
+		case func(int, map[string]interface{}):
+			if value, ok := m.Confv(key, args[0]).([]interface{}); ok {
+				for i, v := range value {
+					if val, ok := v.(map[string]interface{}); ok {
+						fun(i, val)
+					}
+				}
+				return nil
+			}
+			return nil
 		case func(string, map[string]interface{}):
 			if value, ok := m.Confv(key, args[0]).(map[string]interface{}); ok {
 				for k, v := range value {
@@ -2930,9 +2945,10 @@ var Index = &Context{Name: "ctx", Help: "模块中心",
 
 					switch action {
 					case "cmd":
-						if m.Options("command_sso") && !m.Sess("aaa").Cmd("auth", "ship",
-							"userrole", m.Option("sso_userrole"), "componet", m.Option("sso_componet"), "command", m.Option("sso_command"),
-							"data", arg[0]).Results(0) {
+
+						if m.Options("sso_bench") && m.Options("sso_username") &&
+							!m.Cmds("aaa.work", m.Option("sso_bench"), "right", m.Option("sso_username"), "componet", "source", "command", arg[0]) {
+
 							m.Log("info", "sso check %v: %v failure", m.Option("sso_componet"), m.Option("sso_command"))
 							m.Echo("error: ").Echo("no right [%s: %s %s]", m.Option("sso_componet"), m.Option("sso_command"), arg[0])
 							break

src/contexts/web/web.go

@@ -167,7 +167,6 @@ func (web *WEB) HandleCmd(m *ctx.Message, key string, cmd *ctx.Command) {
 					return
 				}
 
-				msg.Option("username", cas.Username(r))
 				for k, v := range cas.Attributes(r) {
 					for _, val := range v {
 						msg.Add("option", k, val)
@@ -175,6 +174,10 @@ func (web *WEB) HandleCmd(m *ctx.Message, key string, cmd *ctx.Command) {
 				}
 
 				if msg.Options("ticket") {
+					msg.Option("username", cas.Username(r))
+					if lark := m.Find("web.chat.lark"); lark != nil {
+						msg.Option("username", lark.Cmdx("user", msg.Option("email"), "id"))
+					}
 					msg.Option("uuid", msg.Option(msg.Conf("cas_uuid")))
 					msg.Option("sessid", msg.Spawn().Cmd("session", "uuid").Result(0))
 
@@ -1104,14 +1107,14 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 				// 会话检查
 				if m.Options("right", !m.Confs("login_right") || !m.Confs("componet", "login")) {
 					// 禁用权限
-				} else if userrole := m.Option("userrole", m.Cmd("web.session").Append("userrole")); userrole == "" { // 用户登录
+				} else if username := m.Option("username", m.Cmd("web.session").Append("username")); username == "" { // 用户登录
 					group, order = m.Option("componet_group", "login"), m.Option("componet_name", "")
 				} else if group == "login" { // 登录成功
 					return
 				} else if !m.Options("bench") || !m.Cmds("aaa.work", m.Option("bench")) { // 创建空间
 					m.Append("redirect", merge(m, m.Option("index_url"), "bench", m.Cmdx("aaa.work", m.Option("sessid"), "create", "web")))
 					return
-				} else if !m.Options("right", m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("userrole"), "componet", m.Option("componet_group"))) { // 没有权限
+				} else if !m.Options("right", m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("username"), "componet", m.Option("componet_group"))) { // 没有权限
 					group, order = m.Option("componet_group", "login"), m.Option("componet_name", "")
 				} else { //n访问成功
 					m.Cmd("aaa.auth", m.Option("bench"), "data", "access_time", m.Time())
@@ -1119,7 +1122,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 					m.Optionv("bench_data", m.Confv("auth", []string{m.Option("bench"), "data"}))
 				}
 
-				m.Log("info", "json: %v group: %v order: %v userrole: %v right: %v", accept_json, group, order, m.Option("userrole"), m.Option("right"))
+				m.Log("info", "json: %v group: %v order: %v username: %v right: %v", accept_json, group, order, m.Option("username"), m.Option("right"))
 
 				for _, v := range m.Confv("componet", group).([]interface{}) {
 					val := v.(map[string]interface{})
@@ -1189,7 +1192,9 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心",
 					}
 
 					// 执行命令
-					if pre_run || !m.Options("bench") || m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("userrole"), "componet", m.Option("componet_group"), "command", args[0]) {
+					if pre_run || !m.Options("bench") || m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("username"), "componet", m.Option("componet_group"), "command", args[0]) {
+						msg.Option("sso_bench", m.Option("bench"))
+						msg.Option("sso_username", m.Option("username"))
 						msg.Cmd(args)
 
 						if m.Options("bench") {