diff --git a/src/contexts/aaa/aaa.go b/src/contexts/aaa/aaa.go index c987b5a4..f2ad2fd2 100644 --- a/src/contexts/aaa/aaa.go +++ b/src/contexts/aaa/aaa.go @@ -106,8 +106,9 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", "nuser": &ctx.Cache{Name: "nuser", Value: "0", Help: "用户数量"}, }, Configs: map[string]*ctx.Config{ - "hash": &ctx.Config{Name: "hash", Value: map[string]interface{}{}, Help: "散列"}, - "auth": &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "散列"}, + "hash": &ctx.Config{Name: "hash", Value: map[string]interface{}{}, Help: "散列"}, + "auth": &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "散列"}, + "auth_expire": &ctx.Config{Name: "auth_expire", Value: "10m", Help: "权限超时"}, "auth_type": &ctx.Config{Name: "auth_type", Value: map[string]interface{}{ "session": map[string]interface{}{"unique": true}, "bench": map[string]interface{}{"unique": true}, @@ -269,12 +270,15 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", if node := m.Confm("auth", arg[i]); node != nil { if i++; p != "" { // 添加链接 + d, e := time.ParseDuration(m.Conf("auth_expire")) + m.Assert(e) + expire := time.Now().Add(d).Unix() m.Confv("auth", []string{p, "ship", arg[i-1]}, map[string]interface{}{ - "create_time": m.Time(), "type": node["type"], "meta": node["meta"], "ship": "4", + "create_time": m.Time(), "type": node["type"], "meta": node["meta"], "ship": "4", "expire_time": expire, }) m.Confv("auth", []string{arg[i-1], "ship", p}, map[string]interface{}{ - "create_time": m.Time(), "type": t, "meta": a, "ship": "5", + "create_time": m.Time(), "type": t, "meta": a, "ship": "5", "expire_time": expire, }) } 
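Review bot: `expire` is written into the `auth` config map as an int64 (`"expire_time": expire`) and the new `check` branch in the @@ -335 hunk reads it back with an unchecked `.(int64)` assertion; if the `auth` map is ever serialized to JSON and reloaded (numbers decode as float64) that assertion panics at check time. Safer to fix one representation and convert defensively on read, e.g. keep the int64 here but replace the assertion on the check side with a type switch, or store `strconv.FormatInt(expire, 10)` and parse it when checking. `m.Assert(e)` also turns a malformed `auth_expire` value into a hard failure of every link creation; a documented fallback to the `"10m"` default from the @@ -106 hunk would be friendlier. The enclosing command body starts and ends outside this hunk.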
@@ -335,6 +339,19 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", return } + if arg[i] == "check" { + has := "false" + m.Confm("auth", []string{p, "ship"}, func(k string, ship map[string]interface{}) { + if ship["meta"] == arg[i+1] { + if ship["expire_time"] == nil || ship["expire_time"].(int64) > time.Now().Unix() { + has = k + } + } + }) + m.Set("result").Echo(has) + return + } + meta := []string{arg[i]} if m.Confs("auth_type", []string{arg[i], "secrete"}) { meta = append(meta, Password(arg[i+1])) // 加密节点 @@ -401,7 +418,7 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", ps := []string{p} for j := 0; j < len(ps); j++ { if value := m.Confv("auth", []string{ps[j], "data", arg[i]}); value != nil { - m.Put("option", "data", value).Cmdy("ctx.trans", "data") + m.Set("append").Set("result").Put("option", "data", value).Cmdy("ctx.trans", "data") break } @@ -441,15 +458,15 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", case 3: if arg[1] == "componet" { m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2]) + } else { + m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[1], "commond", arg[2]) } case 4: - case 5: - if arg[1] == "componet" && arg[3] == "command" { - m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2], "command", arg[4]) - } default: if arg[1] == "componet" && arg[3] == "command" { - m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2], "command", arg[4], arg[5:]) + for _, v := range arg[4:] { + m.Cmdy("aaa.auth", "ship", "userrole", arg[0], "componet", arg[2], "command", v) + } } } }}, 
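Review bot: `arg[i+1]` is indexed without a length check in the new `check` branch, so `ship check` given as the last argument panics with an index out of range; guard it with `if arg[i] == "check" && i+1 < len(arg) {` or echo an error. The match compares only `ship["meta"]` against the requested name, so any link whose meta equals that name satisfies the check regardless of the componet it was granted under; if callers rely on per-componet scoping the componet should be compared as well. The `.(int64)` assertion on `ship["expire_time"]` panics if the value was ever stored or reloaded as another numeric type — a type switch over int64 and float64 would be safer. The enclosing command body starts and ends outside this hunk.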
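Review bot: the default branch silently does nothing when `arg[1] != "componet" || arg[3] != "command"`, and `case 4:` is left empty, so a caller passing an unsupported argument shape gets neither a result nor an error; an explicit `m.Echo("error: ")`-style result or at least a comment such as `// 4 args: unsupported shape, intentionally no-op` would make the contract visible. The new `else` in `case 3` treats `arg[1]` as the componet name and `arg[2]` as the command without the keyword form the other cases expect, which deserves a one-line comment stating that positional shorthand is intended. The loop over `arg[4:]` issues one `aaa.auth` call per command, so the result accumulates all of them — confirm callers expect a multi-row result. The enclosing command body starts and ends outside this hunk.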
@@ -556,28 +573,41 @@ var Index = &ctx.Context{Name: "aaa", Help: "认证中心", case "rename": m.Cmd("aaa.auth", bid, "data", "name", arg[1]) case "right": - if len(arg) >= 6 { - m.Cmd("aaa.auth", bid, "ship", "command").Table(func(maps map[string]string, list []string, line int) bool { - if maps["meta"] == arg[5] { - m.Echo(maps["key"]) - return false - } + m.Cmd("aaa.user", arg[1]).Table(func(maps map[string]string, list []string, line int) bool { + if line < 0 { return true - }) - } else if len(arg) >= 4 { - m.Cmd("aaa.auth", bid, "ship", "componet").Table(func(maps map[string]string, list []string, line int) bool { - if maps["meta"] == arg[3] { - m.Echo(maps["key"]) - return false - } - return true - }) - } + } + + userrole := maps["meta"] + if userrole == "root" { + m.Echo("true") + return false + } + + if len(arg) >= 6 { + if m.Cmds("aaa.auth", bid, "ship", "check", arg[5]) { + m.Echo("true") + return false + } + if cid := m.Cmdx("aaa.auth", bid, "ship", "userrole", userrole, "componet", arg[3], "check", arg[5]); ctx.Right(cid) { + m.Cmd("aaa.auth", bid, cid) + m.Echo("true") + return false + } + } else if len(arg) >= 4 { + if m.Cmds("aaa.auth", bid, "ship", "check", arg[3]) { + m.Echo("true") + return false + } + if cid := m.Cmdx("aaa.auth", bid, "ship", "userrole", userrole, "check", arg[3]); ctx.Right(cid) { + m.Cmd("aaa.auth", bid, cid) + m.Echo("true") + return false + } + } + return true + }) - if cid := m.Cmdx("aaa.auth", "ship", "userrole", arg[1:]); cid != "" { - m.Cmd("aaa.auth", bid, cid) - m.Echo(cid) - } default: m.Cmdx("aaa.auth", bid, "data", arg) } diff --git a/src/contexts/ctx/ctx.go b/src/contexts/ctx/ctx.go index d2723a95..69ce4487 100644 --- a/src/contexts/ctx/ctx.go +++ b/src/contexts/ctx/ctx.go 
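Review bot: the bench-level shortcut `m.Cmds("aaa.auth", bid, "ship", "check", arg[5])` matches a cached link by name only (the `check` branch in the @@ -335 hunk compares just `ship["meta"]`), so once `m.Cmd("aaa.auth", bid, cid)` has cached a right for command `x` found under componet `arg[3]`, a later request for command `x` under a different componet passes the same shortcut; if the componet is part of the grant, either the cached link or the check needs to carry it. Neither branch handles `len(arg) == 5` or `len(arg) < 4`, which falls through to `return true` on every row and echoes nothing, i.e. denies; a short comment stating that fall-through is deny-by-default would document the intent. Rows with `line < 0` are skipped and `userrole` is taken from `maps["meta"]` of the `aaa.user` row — what a negative line means and that `meta` holds the role are not visible here, so a comment confirming both would help. The enclosing command body starts and ends outside this hunk.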
@@ -1491,6 +1491,21 @@ func (m *Message) Confm(key string, args ...interface{}) map[string]interface{} } if len(args) > 1 { switch fun := args[1].(type) { + case func(map[string]interface{}): + if value, ok := m.Confv(key, args[0]).(map[string]interface{}); ok { + fun(value) + } + return nil + case func(int, map[string]interface{}): + if value, ok := m.Confv(key, args[0]).([]interface{}); ok { + for i, v := range value { + if val, ok := v.(map[string]interface{}); ok { + fun(i, val) + } + } + return nil + } + return nil case func(string, map[string]interface{}): if value, ok := m.Confv(key, args[0]).(map[string]interface{}); ok { for k, v := range value { @@ -2930,9 +2945,10 @@ var Index = &Context{Name: "ctx", Help: "模块中心", switch action { case "cmd": - if m.Options("command_sso") && !m.Sess("aaa").Cmd("auth", "ship", - "userrole", m.Option("sso_userrole"), "componet", m.Option("sso_componet"), "command", m.Option("sso_command"), - "data", arg[0]).Results(0) { + + if m.Options("sso_bench") && m.Options("sso_username") && + !m.Cmds("aaa.work", m.Option("sso_bench"), "right", m.Option("sso_username"), "componet", "source", "command", arg[0]) { + m.Log("info", "sso check %v: %v failure", m.Option("sso_componet"), m.Option("sso_command")) m.Echo("error: ").Echo("no right [%s: %s %s]", m.Option("sso_componet"), m.Option("sso_command"), arg[0]) break diff --git a/src/contexts/web/web.go b/src/contexts/web/web.go index 0b5d5c41..9b3c53eb 100644 --- a/src/contexts/web/web.go +++ b/src/contexts/web/web.go @@ -167,7 +167,6 @@ func (web *WEB) HandleCmd(m *ctx.Message, key string, cmd *ctx.Command) { return } - msg.Option("username", cas.Username(r)) for k, v := range cas.Attributes(r) { for _, val := range v { msg.Add("option", k, val) 
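Review bot: in the new `case func(int, map[string]interface{})` both paths return nil, so the inner `return nil` after the loop is redundant; close the `if ..., ok` block and keep a single `return nil`, matching the shape of the `func(map[string]interface{})` case above it. Both new cases also return nil whether or not the callback ran, so a caller cannot distinguish "key absent or wrong type" from "visited"; a doc comment on Confm listing the accepted callback signatures and stating that the callback forms always return nil would make that explicit. Confm begins before this hunk and continues past it.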
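Review bot: the added log line reports `sso_componet` and `sso_command`, but the check just above it uses the constant componet `"source"` and the command `arg[0]`, so the log (and the `no right` echo below it) describe values the decision did not use; log the checked values instead, e.g. `m.Log("info", "sso check %v: %v failure", "source", arg[0])`. The check is also gated on `m.Options("sso_bench") && m.Options("sso_username")`, and the @@ -1189 hunk in web.go sets those from `m.Option("bench")`/`m.Option("username")` even when they are empty, so a request with no bench or no username skips the right check entirely and the command runs; unless that fail-open path is intended, the gate should deny when the options are missing, or the intent should be stated in a comment. The enclosing command body starts and ends outside this hunk.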
@@ -175,6 +174,10 @@ func (web *WEB) HandleCmd(m *ctx.Message, key string, cmd *ctx.Command) { } if msg.Options("ticket") { + msg.Option("username", cas.Username(r)) + if lark := m.Find("web.chat.lark"); lark != nil { + msg.Option("username", lark.Cmdx("user", msg.Option("email"), "id")) + } msg.Option("uuid", msg.Option(msg.Conf("cas_uuid"))) msg.Option("sessid", msg.Spawn().Cmd("session", "uuid").Result(0)) @@ -1104,14 +1107,14 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", // 会话检查 if m.Options("right", !m.Confs("login_right") || !m.Confs("componet", "login")) { // 禁用权限 - } else if userrole := m.Option("userrole", m.Cmd("web.session").Append("userrole")); userrole == "" { // 用户登录 + } else if username := m.Option("username", m.Cmd("web.session").Append("username")); username == "" { // 用户登录 group, order = m.Option("componet_group", "login"), m.Option("componet_name", "") } else if group == "login" { // 登录成功 return } else if !m.Options("bench") || !m.Cmds("aaa.work", m.Option("bench")) { // 创建空间 m.Append("redirect", merge(m, m.Option("index_url"), "bench", m.Cmdx("aaa.work", m.Option("sessid"), "create", "web"))) return - } else if !m.Options("right", m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("userrole"), "componet", m.Option("componet_group"))) { // 没有权限 + } else if !m.Options("right", m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("username"), "componet", m.Option("componet_group"))) { // 没有权限 group, order = m.Option("componet_group", "login"), m.Option("componet_name", "") } else { //n访问成功 m.Cmd("aaa.auth", m.Option("bench"), "data", "access_time", m.Time()) 
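Review bot: the lark lookup unconditionally overwrites the CAS username with `lark.Cmdx("user", msg.Option("email"), "id")`, so an email that lark does not know (or an absent `email` attribute) replaces a valid CAS identity with an empty string; only override on a non-empty result, `if id := lark.Cmdx("user", msg.Option("email"), "id"); id != "" { msg.Option("username", id) }`. Setting `username` now happens only inside `if msg.Options("ticket")` (the removal is in the @@ -167 hunk), which changes behaviour for any caller that relied on it being set on every CAS-authenticated request; a comment on why it was moved would help the next reader. HandleCmd begins before this hunk and continues past it.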
@@ -1119,7 +1122,7 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", m.Optionv("bench_data", m.Confv("auth", []string{m.Option("bench"), "data"})) } - m.Log("info", "json: %v group: %v order: %v userrole: %v right: %v", accept_json, group, order, m.Option("userrole"), m.Option("right")) + m.Log("info", "json: %v group: %v order: %v username: %v right: %v", accept_json, group, order, m.Option("username"), m.Option("right")) for _, v := range m.Confv("componet", group).([]interface{}) { val := v.(map[string]interface{}) @@ -1189,7 +1192,9 @@ var Index = &ctx.Context{Name: "web", Help: "应用中心", } // 执行命令 - if pre_run || !m.Options("bench") || m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("userrole"), "componet", m.Option("componet_group"), "command", args[0]) { + if pre_run || !m.Options("bench") || m.Cmds("aaa.work", m.Option("bench"), "right", m.Option("username"), "componet", m.Option("componet_group"), "command", args[0]) { + msg.Option("sso_bench", m.Option("bench")) + msg.Option("sso_username", m.Option("username")) msg.Cmd(args) if m.Options("bench") {