From fbcdb90d7992c29fbd273b9c9ba4df417184da34 Mon Sep 17 00:00:00 2001 From: maslow Date: Thu, 29 Jul 2021 02:07:32 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=96=B0=E5=A2=9E=E9=83=A8=E7=BD=B2?= =?UTF-8?q?=E8=AE=BF=E9=97=AE=E7=AD=96=E7=95=A5=E6=8E=A5=E5=8F=A3,=20?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=20http=20=E6=B5=8B=E8=AF=95=E7=94=A8?= =?UTF-8?q?=E4=BE=8B=EF=BC=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .vscode/settings.json | 4 +- packages/devops-server/http/admin.http | 4 +- packages/devops-server/http/dbm.http | 4 +- packages/devops-server/http/deploy.http | 20 +++++ .../router/admin/{admin.ts => handlers.ts} | 24 +++--- .../devops-server/src/router/admin/index.ts | 2 +- .../devops-server/src/router/deploy/index.ts | 36 +++++++++ .../devops-server/src/router/entry/admin.ts | 74 ----------------- .../devops-server/src/router/entry/dbm.ts | 42 ---------- .../src/router/entry/sys_rules.ts | 81 ------------------- 10 files changed, 76 insertions(+), 215 deletions(-) create mode 100644 packages/devops-server/http/deploy.http rename packages/devops-server/src/router/admin/{admin.ts => handlers.ts} (88%) create mode 100644 packages/devops-server/src/router/deploy/index.ts delete mode 100644 packages/devops-server/src/router/entry/admin.ts delete mode 100644 packages/devops-server/src/router/entry/dbm.ts delete mode 100644 packages/devops-server/src/router/entry/sys_rules.ts diff --git a/.vscode/settings.json b/.vscode/settings.json index e9bddaf8ee..84661208c5 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,7 +3,9 @@ "rest-client.environmentVariables": { "$shared": {}, "test": { - "base_url": "http://127.0.0.1:8080" + "base_url": "http://127.0.0.1:9000", + "sys_admin": "laf-sys", + "sys_password": "laf-sys" } } } \ No newline at end of file diff --git a/packages/devops-server/http/admin.http b/packages/devops-server/http/admin.http index 094185e9b6..5e19241dbe 100644 
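Review bot: The added `"sys_password": "laf-sys"` line puts the system administrator's password in plaintext into a committed editor settings file, so it lands in the repository history for everyone who clones it. These entries are only REST Client environment variables for the local `test` environment, so they belong in a user-level (untracked) settings file, with the committed file documenting just the variable names, e.g. `"sys_admin": "<set locally>", "sys_password": "<set locally>"`. If `laf-sys` is also the credential seeded by the server itself, that is worth changing on first login; I cannot tell from this patch whether it is.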
--- a/packages/devops-server/http/admin.http +++ b/packages/devops-server/http/admin.http @@ -8,8 +8,8 @@ POST {{base_url}}/admin/login HTTP/1.1 Content-Type: application/json { - "username": "less", - "password": "less123" + "username": "{{sys_admin}}", + "password": "{{sys_password}}" } ### 管理员信息 diff --git a/packages/devops-server/http/dbm.http b/packages/devops-server/http/dbm.http index 576f9b4e41..c547b4b09d 100644 --- a/packages/devops-server/http/dbm.http +++ b/packages/devops-server/http/dbm.http @@ -8,8 +8,8 @@ POST {{base_url}}/admin/login HTTP/1.1 Content-Type: application/json { - "username": "less", - "password": "less123" + "username": "{{sys_admin}}", + "password": "{{sys_password}}" } ### 获取集合列表 diff --git a/packages/devops-server/http/deploy.http b/packages/devops-server/http/deploy.http new file mode 100644 index 0000000000..bae9d52121 --- /dev/null +++ b/packages/devops-server/http/deploy.http @@ -0,0 +1,20 @@ + +@token={{login.response.body.$.data.access_token}} + +### 管理员登陆 +# @name login + +POST {{base_url}}/admin/login HTTP/1.1 +Content-Type: application/json + +{ + "username": "{{sys_admin}}", + "password": "{{sys_password}}" +} + + +### 部署访问策略 + +POST {{base_url}}/deploy/policy +Content-Type: application/json;charset=UTF-8 +Authorization: Bearer {{token}} diff --git a/packages/devops-server/src/router/admin/admin.ts b/packages/devops-server/src/router/admin/handlers.ts similarity index 88% rename from packages/devops-server/src/router/admin/admin.ts rename to packages/devops-server/src/router/admin/handlers.ts index c5a9fb0646..cae73681e9 100644 --- a/packages/devops-server/src/router/admin/admin.ts +++ b/packages/devops-server/src/router/admin/handlers.ts 
@@ -22,10 +22,10 @@ export async function handleAdminLogin(req: Request, res: Response) { }) } - const ret = await db.collection('admins') + const ret = await db.collection('__admins') .withOne({ query: db - .collection('password') + .collection('__password') .where({ password: hashPassword(password), type: 'login' }), localField: '_id', foreignField: 'uid' @@ -78,7 +78,7 @@ export async function handleAdminInfo(req: Request, res: Response) { } // - const ret = await db.collection('admins') + const ret = await db.collection('__admins') .where({ _id: uid }) .get() @@ -124,7 +124,7 @@ export async function handleAdminAdd(req: Request, res: Response) { } // 验证用户是否已存在 - const { total } = await db.collection('admins').where({ username }).count() + const { total } = await db.collection('__admins').where({ username }).count() if (total > 0) { return res.send({ code: 1, @@ -133,7 +133,7 @@ export async function handleAdminAdd(req: Request, res: Response) { } // 验证 roles 是否合法 - const { total: valid_count } = await db.collection('roles') + const { total: valid_count } = await db.collection('__roles') .where({ name: db.command.in(roles) }).count() @@ -146,7 +146,7 @@ export async function handleAdminAdd(req: Request, res: Response) { } // add admin - const r = await db.collection('admins') + const r = await db.collection('__admins') .add({ username, name: name ?? null, @@ -157,7 +157,7 @@ export async function handleAdminAdd(req: Request, res: Response) { }) // add admin password - await db.collection('password') + await db.collection('__password') .add({ uid: r.id, password: hashPassword(password), @@ -199,7 +199,7 @@ export async function handleAdminEdit(req: Request, res: Response) { } // 验证 uid 是否合法 - const { data: admins } = await db.collection('admins').where({ _id: uid }).get() + const { data: admins } = await db.collection('__admins').where({ _id: uid }).get() if (!admins || !admins.length) { return res.send({ code: 1, 
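Review bot: The new collection names `'__admins'`, `'__password'` and `'__roles'` are repeated as bare string literals in every hunk of handlers.ts (the @@ -22, -78, -124, -133, -146, -157 and -199 hunks here and the -208 to -264 hunks that follow), so a future rename or a typo in one of them only shows up at runtime as an empty result. A module-level `const ADMINS = '__admins'`, `const PASSWORDS = '__password'`, `const ROLES = '__roles'` used in the queries would single-source the names. The deleted sys_rules.ts still granted access by the old `admins`/`roles` names; if an access policy replaces it elsewhere (not visible in this patch), it needs the underscore-prefixed names too. All of these hunks sit inside handler bodies that start and end outside the hunk.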
@@ -208,7 +208,7 @@ export async function handleAdminEdit(req: Request, res: Response) { } // 验证 roles 是否合法 - const { total: valid_count } = await db.collection('roles') + const { total: valid_count } = await db.collection('__roles') .where({ name: db.command.in(roles) }).count() @@ -222,7 +222,7 @@ export async function handleAdminEdit(req: Request, res: Response) { // update password if (password) { - await db.collection('password') + await db.collection('__password') .where({ uid: uid }) .update({ password: hashPassword(password), @@ -239,7 +239,7 @@ export async function handleAdminEdit(req: Request, res: Response) { // username if (username && username != old.username) { - const { total } = await db.collection('admins').where({ username }).count() + const { total } = await db.collection('__admins').where({ username }).count() if (total) { return res.send({ code: 1, @@ -264,7 +264,7 @@ export async function handleAdminEdit(req: Request, res: Response) { data['roles'] = roles } - const r = await db.collection('admins') + const r = await db.collection('__admins') .where({ _id: uid }) .update(data) diff --git a/packages/devops-server/src/router/admin/index.ts b/packages/devops-server/src/router/admin/index.ts index 7219e182b8..ac67059633 100644 --- a/packages/devops-server/src/router/admin/index.ts +++ b/packages/devops-server/src/router/admin/index.ts @@ -1,6 +1,6 @@ import { Router } from 'express' -import { handleAdminAdd, handleAdminEdit, handleAdminInfo, handleAdminLogin } from './admin' +import { handleAdminAdd, handleAdminEdit, handleAdminInfo, handleAdminLogin } from './handlers' export const AdminRouter = Router() diff --git a/packages/devops-server/src/router/deploy/index.ts b/packages/devops-server/src/router/deploy/index.ts new file mode 100644 index 0000000000..02eae1b57a --- /dev/null +++ b/packages/devops-server/src/router/deploy/index.ts 
@@ -0,0 +1,36 @@
+import * as express from 'express'
+import { checkPermission } from '../../api/permission'
+import { deployAccessPolicy } from '../../api/rules'
+import { Globals } from '../../lib/globals'
+
+const logger = Globals.logger
+export const DeployRouter = express.Router()
+
+
+/**
+ *
+ */
+DeployRouter.post('/policy', async (req, res) => {
+ const requestId = req['requestId']
+ logger.info(requestId, `post /deploy/policy`)
+
+ // 权限验证
+ const code = await checkPermission(req['auth']?.uid, 'deploy.policy')
+ if (code) {
+ return res.status(code).send()
+ }
+
+ try {
+ const r = await deployAccessPolicy()
+
+ return res.send({
+ code: 0,
+ data: r
+ })
+ } catch (error) {
+ return res.send({
+ code: 1,
+ error: error
+ })
+ }
+})
\ No newline at end of file
diff --git a/packages/devops-server/src/router/entry/admin.ts b/packages/devops-server/src/router/entry/admin.ts
deleted file mode 100644
index 6c1491bc5c..0000000000
--- a/packages/devops-server/src/router/entry/admin.ts
+++ /dev/null
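Review bot: The `catch` block of the `/policy` handler returns the caught `error` object straight to the client and never logs it: `res.send({ code: 1, error })` would serialize an `Error` as `{}`, so the caller learns nothing, while any custom enumerable properties on the error would be exposed and the server log keeps no record of the failed deployment. Log it with the request id and return a fixed message instead, `logger.error(requestId, 'post /deploy/policy failed', error)` followed by `return res.send({ code: 1, error: 'deploy access policy failed' })`. The doc block above the route is empty; a one-liner such as `/** POST /deploy/policy — applies the access policy via deployAccessPolicy(); requires the 'deploy.policy' permission. */` would state the contract. `req['requestId']` and `req['auth']` use bracket access to sidestep the Request typing; a typed request extension would be cleaner, though this matches the deleted entry routers' style.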
@@ -1,74 +0,0 @@
-import { Router } from 'express'
-import { Entry, Ruler } from 'less-api'
-import Config from '../../config'
-import { getPermissions } from '../../api/permission'
-import { Globals } from '../../lib/globals'
-
-import sys_rules from './sys_rules'
-
-export const DevOpsEntryRouter = Router()
-
-const logger = Globals.logger
-const accessor = Globals.sys_accessor
-
-const ruler = new Ruler(accessor)
-ruler.load(sys_rules)
-
-
-/**
- * Sys Db Access Entry
- */
-DevOpsEntryRouter.post('/entry', async (req, res) => {
- const requestId = req['requestId']
- const auth = req['auth'] ?? {}
-
- if (!auth.uid) {
- return res.status(401).send()
- }
-
- const { permissions, roles } = await getPermissions(auth.uid)
-
- // parse params
- const entry = new Entry(accessor, ruler)
- const params = entry.parseParams({ ...req.body, requestId })
-
- const injections = {
- $uid: auth.uid,
- $roles: roles,
- $perms: permissions,
- $has: (perm_name: string) => {
- return permissions.includes(perm_name)
- },
- $is: (role_name: string) => {
- return roles.includes(role_name)
- }
- }
-
- // validate query
- const result = await entry.validate(params, injections)
- if (result.errors) {
- logger.debug(requestId, `validate return errors: `, result.errors)
- return res.status(403).send({
- code: 'permission denied',
- error: result.errors,
- injections: Config.isProd ? undefined : injections
- })
- }
-
- // execute query
- try {
- const data = await entry.execute(params)
- logger.trace(requestId, `executed query: `, data)
-
- return res.send({
- code: 0,
- data
- })
- } catch (error) {
- return res.send({
- code: 2,
- error: error.toString(),
- injections: Config.isProd ? undefined : injections
- })
- }
-})
\ No newline at end of file
diff --git a/packages/devops-server/src/router/entry/dbm.ts b/packages/devops-server/src/router/entry/dbm.ts
deleted file mode 100644
index ff4372f965..0000000000
--- a/packages/devops-server/src/router/entry/dbm.ts
+++ /dev/null
@@ -1,42 +0,0 @@
-import { Router } from 'express'
-import { Entry, Ruler } from 'less-api'
-import { Globals } from '../../lib/globals'
-import { checkPermission } from '../../api/permission'
-
-export const DbmEntryRouter = Router()
-
-/**
- * 数据库数据管理入口请求:管理 app db
- */
-DbmEntryRouter.post('/entry', async (req, res) => {
- const requestId = req['requestId']
-
- // 权限验证
- const code = await checkPermission(req['auth']?.uid, 'database.manage')
- if (code) {
- return res.status(code).send()
- }
-
- const accessor = Globals.app_accessor
-
- // 此处无需进行访问策略验证
- const entry = new Entry(accessor, new Ruler(accessor))
-
- // parse params
- const params = entry.parseParams({ ...req.body, requestId })
-
- // execute query
- try {
- const data = await entry.execute(params)
-
- return res.send({
- code: 0,
- data
- })
- } catch (error) {
- return res.send({
- code: 2,
- error: error
- })
- }
-})
\ No newline at end of file
diff --git a/packages/devops-server/src/router/entry/sys_rules.ts b/packages/devops-server/src/router/entry/sys_rules.ts
deleted file mode 100644
index 73b15eb00c..0000000000
--- a/packages/devops-server/src/router/entry/sys_rules.ts
+++ /dev/null
@@ -1,81 +0,0 @@
-export default {
- "admins": {
- "read": "$has('admin.read')",
- "update": "$has('admin.edit')",
- "add": "$has('admin.create')",
- "remove": "$has('admin.delete')"
- },
- "permissions": {
- "read": "$has('permission.read')",
- "update": "$has('permission.edit')",
- "add": "$has('permission.create')",
- "remove": {
- "condition": "$has('permission.delete')",
- "query": {
- "name": {
- "required": true,
- "notExists": "/roles/permissions"
- }
- }
- },
- "count": "$has('permission.read')"
- },
- "roles": {
- "read": "$has('role.read')",
- "update": "$has('role.edit')",
- "add": "$has('role.create')",
- "remove": {
- "condition": "$has('role.delete')",
- "query": {
- "name": {
- "required": true,
- "notExists": "/admins/roles"
- }
- }
- }
- },
- "rules": {
- "read": "$has('rule.read')",
- "update": "$has('rule.edit')",
- "add": "$has('rule.create')",
- "remove": "$has('rule.delete')"
- },
- "functions": {
- "read": "$has('function.read')",
- "update": "$has('function.edit')",
- "add": "$has('function.create')",
- "remove": {
- "condition": "$has('function.delete')",
- "query": {
- "_id": {
- "notExists": "/triggers/func_id"
- },
- "status": {
- "required": true,
- "default": 0,
- "in": [
- 0
- ]
- }
- }
- },
- "count": "$has('function.read')"
- },
- "function_logs": {
- "read": "$has('function_logs.read')",
- "remove": "$has('function_logs.remove')",
- "count": "$has('function_logs.read')"
- },
- "function_history": {
- "read": "$has('function_history.read')",
- "add": "$has('function_history.create')",
- "count": "$has('function_history.read')"
- },
- "triggers": {
- "read": "$has('trigger.read')",
- "update": "$has('trigger.edit')",
- "add": "$has('trigger.create')",
- "remove": "$has('trigger.delete') && query.status === 0",
- "count": "$has('trigger.read')"
- }
-}
\ No newline at end of file