opt aaa

2025-04-25 16:58:06 +08:00 · 2019-07-27 09:26:38 +08:00 · 2019-07-27 09:26:38 +08:00 · c0c9f26fe2
commit c0c9f26fe2
parent 28493d4ba5
5 changed files with 502 additions and 598 deletions
--- a/bin/boot.sh
+++ b/bin/boot.sh
@ -9,6 +9,8 @@ ctx_bin=${ctx_app} && [ -f bin/${ctx_app} ] && ctx_bin=$(pwd)/bin/${ctx_app}
 ctx_dev=${ctx_dev:="https://shylinux.com"}
 ctx_root=${ctx_root:=/usr/local/context}
 ctx_home=${ctx_home:=~/context}
+# node_cert=
+# node_key=
 # web_port=
 # ssh_port=
 # HOSTNAME=
--- a/src/contexts/aaa/aaa.go
+++ b/src/contexts/aaa/aaa.go
--- a/src/contexts/cli/version.go
+++ b/src/contexts/cli/version.go
@ -4,5 +4,5 @@ var version = struct {
 	host string
 	self int
 }{
-	"2019-07-27 05:58:32", "com", 218,
+	"2019-07-27 06:00:22", "mac", 219,
 }
--- a/src/contexts/ssh/ssh.go
+++ b/src/contexts/ssh/ssh.go
@ -1070,22 +1070,21 @@ var Index = &ctx.Context{Name: "ssh", Help: "集群中心",
 			return
 		}},
 		"_exec": &ctx.Command{Name: "_exec", Help: "命令", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
-			access := kit.Hashs(
+			access := m.Option("access", kit.Hashs(
 				m.Option("node.route"),
 				m.Option("user.route"),
 				m.Option("work.route"),
 				m.Option("work.name"),
 				m.Option("user.name"),
 				m.Option("text.username"),
-			)
+			))

-			if m.Option("sessid", m.Cmd("aaa.auth", "access", access, "session").Append("key")); m.Option("username", m.Cmd("aaa.sess", "user").Append("meta")) != "" { // 历史会话
+			if m.Option("sessid", m.Cmd("aaa.auth", "access", access, "session").Append("key")) != "" &&
+				m.Option("username", m.Cmd("aaa.sess", "user").Append("meta")) != "" { // 历史会话
 				m.Log("warn", "access: %s", access)
 				m.Log("info", "sessid: %s", m.Option("sessid"))
 				m.Option("trust", m.Cmdx("aaa.auth", "access", access, "data", "trust"))
-				if m.Option("userrole", m.Cmdx("aaa.auth", "access", access, "data", "userrole")); !m.Options("userrole") {
-					m.Option("userrole", m.Cmd("aaa.user", "role").Append("meta"))
-				}
+				m.Option("userrole", m.Cmdx("aaa.auth", "access", access, "data", "userrole"))

 			} else if m.Option("username", m.Option("text.username")); !m.Confs("runtime", "user.route") && m.Confs("trust", "fresh") { // 免签节点
 				m.Log("warn", "trust fresh %s", m.Option("node.route"))
@ -1116,7 +1115,10 @@ var Index = &ctx.Context{Name: "ssh", Help: "集群中心",
 				return
 			}

-			m.Log("info", "username: %s", m.Option("username"))
+			// 用户角色
+			if m.Log("info", "username: %s", m.Option("username")); !m.Options("userrole") {
+				m.Option("userrole", kit.Select("void", m.Cmd("aaa.user", "role").Append("meta")))
+			}
 			m.Log("info", "userrole: %s", m.Option("userrole"))

 			// 创建会话
@ -1127,13 +1129,9 @@ var Index = &ctx.Context{Name: "ssh", Help: "集群中心",
 			}

 			// 权限检查
-			if arg[0] != "tool" {
-				// 创建空间
-				m.Option("bench", m.Cmdx("aaa.sess", "bench", "select"))
-				if !m.Cmds("aaa.work", "right", "remote", arg[0]) {
-					m.Echo("no right %s %s", "remote", arg[0])
-					return
-				}
+			if !m.Cmds("aaa.role", m.Option("userrole"), "check", "remote", arg[0]) {
+				m.Echo("no right %s %s", "remote", arg[0])
+				return
 			}

 			// 执行命令
--- a/src/toolkit/core.go
+++ b/src/toolkit/core.go
@ -4,7 +4,6 @@ import (
 	"crypto/md5"
 	"encoding/hex"
 	"fmt"
-	"io"
 	"math/rand"
 	"os"
 	"path"
@ -79,16 +78,6 @@ func Hash(arg ...interface{}) (string, []string) {
 			args = append(args, Format(time.Now()))
 			args = append(args, Format(rand.Int()))
 		default:
-			if s, e := os.Stat(v); e == nil && !s.IsDir() {
-				if f, e := os.Open(v); e == nil {
-					defer f.Close()
-					m := md5.New()
-					io.Copy(m, f)
-					h := m.Sum(nil)
-					args = append(args, hex.EncodeToString(h[:]))
-					return hex.EncodeToString(h[:]), args
-				}
-			}
 			args = append(args, v)
 		}
 	}