带阿里标识的版本
@@ -39,6 +39,7 @@ type HTTPDNSAccessLogListFilter struct {
|
||||
ClusterId int64
|
||||
NodeId int64
|
||||
AppId string
|
||||
AppIds []string
|
||||
Domain string
|
||||
Status string
|
||||
Keyword string
|
||||
@@ -215,6 +216,20 @@ func (s *HTTPDNSAccessLogsStore) buildConditions(f HTTPDNSAccessLogListFilter) [
|
||||
}
|
||||
if appID := strings.TrimSpace(f.AppId); appID != "" {
|
||||
conditions = append(conditions, "app_id = '"+escapeString(appID)+"'")
|
||||
} else if len(f.AppIds) > 0 {
|
||||
validAppIds := make([]string, 0, len(f.AppIds))
|
||||
for _, appID := range f.AppIds {
|
||||
appID = strings.TrimSpace(appID)
|
||||
if len(appID) == 0 {
|
||||
continue
|
||||
}
|
||||
validAppIds = append(validAppIds, "'"+escapeString(appID)+"'")
|
||||
}
|
||||
if len(validAppIds) == 0 {
|
||||
conditions = append(conditions, "1 = 0")
|
||||
} else {
|
||||
conditions = append(conditions, "app_id IN ("+strings.Join(validAppIds, ",")+")")
|
||||
}
|
||||
}
|
||||
if domain := strings.TrimSpace(f.Domain); domain != "" {
|
||||
conditions = append(conditions, "domain = '"+escapeString(domain)+"'")
|
||||
|
||||
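Review bot: In buildConditions the `} else if len(f.AppIds) > 0 {` branch skips the AppIds allow-list whenever AppId is non-empty, so the per-user restriction holds only if every caller has already verified AppId. The caller shown later on this page (ListHTTPDNSAccessLogs) does that check, but the store would be safer ANDing the two conditions with a plain `if len(f.AppIds) > 0 {` after the AppId block. Both branches build SQL by concatenation and rely on escapeString, whose body is outside this view, so a comment stating which ClickHouse quoting rules it covers would help the next reader. buildConditions starts and ends outside the hunk.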
@@ -4,6 +4,7 @@ import (
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
"github.com/iwind/TeaGo/Tea"
|
||||
"github.com/iwind/TeaGo/dbs"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type HTTPDNSAccessLogDAO dbs.DAO
|
||||
@@ -52,6 +53,10 @@ func (this *HTTPDNSAccessLogDAO) CreateLog(tx *dbs.Tx, log *HTTPDNSAccessLog) er
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAccessLogDAO) BuildListQuery(tx *dbs.Tx, day string, clusterId int64, nodeId int64, appId string, domain string, status string, keyword string) *dbs.Query {
|
||||
return this.BuildListQueryWithAppIds(tx, day, clusterId, nodeId, appId, nil, domain, status, keyword)
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAccessLogDAO) BuildListQueryWithAppIds(tx *dbs.Tx, day string, clusterId int64, nodeId int64, appId string, appIds []string, domain string, status string, keyword string) *dbs.Query {
|
||||
query := this.Query(tx).DescPk()
|
||||
if len(day) > 0 {
|
||||
query = query.Attr("day", day)
|
||||
@@ -62,6 +67,21 @@ func (this *HTTPDNSAccessLogDAO) BuildListQuery(tx *dbs.Tx, day string, clusterI
|
||||
if nodeId > 0 {
|
||||
query = query.Attr("nodeId", nodeId)
|
||||
}
|
||||
if len(appIds) > 0 {
|
||||
validAppIds := make([]string, 0, len(appIds))
|
||||
for _, value := range appIds {
|
||||
value = strings.TrimSpace(value)
|
||||
if len(value) == 0 {
|
||||
continue
|
||||
}
|
||||
validAppIds = append(validAppIds, value)
|
||||
}
|
||||
if len(validAppIds) == 0 {
|
||||
query = query.Where("1 = 0")
|
||||
} else {
|
||||
query = query.Attr("appId", validAppIds)
|
||||
}
|
||||
}
|
||||
if len(appId) > 0 {
|
||||
query = query.Attr("appId", appId)
|
||||
}
|
||||
@@ -78,11 +98,24 @@ func (this *HTTPDNSAccessLogDAO) BuildListQuery(tx *dbs.Tx, day string, clusterI
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAccessLogDAO) CountLogs(tx *dbs.Tx, day string, clusterId int64, nodeId int64, appId string, domain string, status string, keyword string) (int64, error) {
|
||||
return this.BuildListQuery(tx, day, clusterId, nodeId, appId, domain, status, keyword).Count()
|
||||
return this.BuildListQueryWithAppIds(tx, day, clusterId, nodeId, appId, nil, domain, status, keyword).Count()
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAccessLogDAO) ListLogs(tx *dbs.Tx, day string, clusterId int64, nodeId int64, appId string, domain string, status string, keyword string, offset int64, size int64) (result []*HTTPDNSAccessLog, err error) {
|
||||
_, err = this.BuildListQuery(tx, day, clusterId, nodeId, appId, domain, status, keyword).
|
||||
_, err = this.BuildListQueryWithAppIds(tx, day, clusterId, nodeId, appId, nil, domain, status, keyword).
|
||||
Offset(offset).
|
||||
Limit(size).
|
||||
Slice(&result).
|
||||
FindAll()
|
||||
return
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAccessLogDAO) CountLogsWithAppIds(tx *dbs.Tx, day string, clusterId int64, nodeId int64, appId string, appIds []string, domain string, status string, keyword string) (int64, error) {
|
||||
return this.BuildListQueryWithAppIds(tx, day, clusterId, nodeId, appId, appIds, domain, status, keyword).Count()
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAccessLogDAO) ListLogsWithAppIds(tx *dbs.Tx, day string, clusterId int64, nodeId int64, appId string, appIds []string, domain string, status string, keyword string, offset int64, size int64) (result []*HTTPDNSAccessLog, err error) {
|
||||
_, err = this.BuildListQueryWithAppIds(tx, day, clusterId, nodeId, appId, appIds, domain, status, keyword).
|
||||
Offset(offset).
|
||||
Limit(size).
|
||||
Slice(&result).
|
||||
|
||||
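Review bot: BuildListQueryWithAppIds calls `query.Attr("appId", validAppIds)` and a few lines later `query.Attr("appId", appId)` on the same column. If dbs.Query keeps one value per attribute name (not visible here), the second call would replace the allow-list instead of narrowing it. The service on this page never passes both, but nothing in the DAO enforces that, so I would apply the single appId only when it is contained in validAppIds. An empty appIds also means "no restriction", and CountLogs and ListLogs now pass nil, so a doc comment should say so: `// appIds is an allow-list; nil or empty means unrestricted, so callers scoping by user must handle the empty case before calling.`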
@@ -85,6 +85,18 @@ func (this *HTTPDNSAppDAO) FindEnabledApp(tx *dbs.Tx, appDbId int64) (*HTTPDNSAp
|
||||
return one.(*HTTPDNSApp), nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) FindEnabledAppWithUser(tx *dbs.Tx, appDbId int64, userId int64) (*HTTPDNSApp, error) {
|
||||
one, err := this.Query(tx).
|
||||
Pk(appDbId).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
Attr("userId", userId).
|
||||
Find()
|
||||
if one == nil {
|
||||
return nil, err
|
||||
}
|
||||
return one.(*HTTPDNSApp), nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) FindEnabledAppWithAppId(tx *dbs.Tx, appId string) (*HTTPDNSApp, error) {
|
||||
one, err := this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
@@ -96,6 +108,31 @@ func (this *HTTPDNSAppDAO) FindEnabledAppWithAppId(tx *dbs.Tx, appId string) (*H
|
||||
return one.(*HTTPDNSApp), nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) FindEnabledAppWithAppIdAndUser(tx *dbs.Tx, appId string, userId int64) (*HTTPDNSApp, error) {
|
||||
one, err := this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
Attr("appId", appId).
|
||||
Attr("userId", userId).
|
||||
Find()
|
||||
if one == nil {
|
||||
return nil, err
|
||||
}
|
||||
return one.(*HTTPDNSApp), nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) FindLatestEnabledAppWithNameAndUser(tx *dbs.Tx, name string, userId int64) (*HTTPDNSApp, error) {
|
||||
one, err := this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
Attr("name", name).
|
||||
Attr("userId", userId).
|
||||
DescPk().
|
||||
Find()
|
||||
if one == nil {
|
||||
return nil, err
|
||||
}
|
||||
return one.(*HTTPDNSApp), nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) ListEnabledApps(tx *dbs.Tx, offset int64, size int64, keyword string) (result []*HTTPDNSApp, err error) {
|
||||
query := this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
@@ -110,6 +147,21 @@ func (this *HTTPDNSAppDAO) ListEnabledApps(tx *dbs.Tx, offset int64, size int64,
|
||||
return
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) ListEnabledAppsWithUser(tx *dbs.Tx, userId int64, offset int64, size int64, keyword string) (result []*HTTPDNSApp, err error) {
|
||||
query := this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
Attr("userId", userId).
|
||||
AscPk()
|
||||
if len(keyword) > 0 {
|
||||
query = query.Where("(name LIKE :kw OR appId LIKE :kw)").Param("kw", "%"+keyword+"%")
|
||||
}
|
||||
if size > 0 {
|
||||
query = query.Offset(offset).Limit(size)
|
||||
}
|
||||
_, err = query.Slice(&result).FindAll()
|
||||
return
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) CountEnabledApps(tx *dbs.Tx, keyword string) (int64, error) {
|
||||
query := this.Query(tx).State(HTTPDNSAppStateEnabled)
|
||||
if len(keyword) > 0 {
|
||||
@@ -118,6 +170,14 @@ func (this *HTTPDNSAppDAO) CountEnabledApps(tx *dbs.Tx, keyword string) (int64,
|
||||
return query.Count()
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) CountEnabledAppsWithUser(tx *dbs.Tx, userId int64, keyword string) (int64, error) {
|
||||
query := this.Query(tx).State(HTTPDNSAppStateEnabled).Attr("userId", userId)
|
||||
if len(keyword) > 0 {
|
||||
query = query.Where("(name LIKE :kw OR appId LIKE :kw)").Param("kw", "%"+keyword+"%")
|
||||
}
|
||||
return query.Count()
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) FindAllEnabledApps(tx *dbs.Tx) (result []*HTTPDNSApp, err error) {
|
||||
_, err = this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
@@ -126,3 +186,28 @@ func (this *HTTPDNSAppDAO) FindAllEnabledApps(tx *dbs.Tx) (result []*HTTPDNSApp,
|
||||
FindAll()
|
||||
return
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) FindAllEnabledAppsWithUser(tx *dbs.Tx, userId int64) (result []*HTTPDNSApp, err error) {
|
||||
_, err = this.Query(tx).
|
||||
State(HTTPDNSAppStateEnabled).
|
||||
Attr("userId", userId).
|
||||
AscPk().
|
||||
Slice(&result).
|
||||
FindAll()
|
||||
return
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppDAO) ListEnabledAppIdsWithUser(tx *dbs.Tx, userId int64) (result []string, err error) {
|
||||
apps, err := this.FindAllEnabledAppsWithUser(tx, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result = make([]string, 0, len(apps))
|
||||
for _, app := range apps {
|
||||
if app == nil || len(app.AppId) == 0 {
|
||||
continue
|
||||
}
|
||||
result = append(result, app.AppId)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
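Review bot: The new *WithUser queries (FindEnabledAppWithUser, FindEnabledAppWithAppIdAndUser, FindLatestEnabledAppWithNameAndUser, ListEnabledAppsWithUser, CountEnabledAppsWithUser, FindAllEnabledAppsWithUser) filter with `Attr("userId", userId)` and accept any value. A call with userId 0 would therefore match rows stored with userId 0 (presumably admin-created apps) rather than nothing. The callers visible on this page only use them when `userId > 0`, but these are the tenant-scoping primitives, so I would make that a precondition in the DAO with `if userId <= 0 { return nil, nil }` at the top of each (`return 0, nil` for the count) and state it in a doc comment. Separately, keyword is bound as a parameter, which is right, but `%` and `_` inside it still act as LIKE wildcards.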
@@ -38,6 +38,27 @@ func init() {
|
||||
func (this *HTTPDNSAppSecretDAO) InitAppSecret(tx *dbs.Tx, appDbId int64, signEnabled bool) (string, uint64, error) {
|
||||
signSecret := "ss_" + rands.HexString(12)
|
||||
now := uint64(time.Now().Unix())
|
||||
|
||||
// 兼容历史数据:如果已存在(可能是停用状态)则直接恢复并更新,避免 UNIQUE(appId) 冲突
|
||||
old, err := this.Query(tx).
|
||||
Attr("appId", appDbId).
|
||||
Find()
|
||||
if err != nil {
|
||||
return "", 0, err
|
||||
}
|
||||
if old != nil {
|
||||
oldSecret := old.(*HTTPDNSAppSecret)
|
||||
_, err = this.Query(tx).
|
||||
Pk(oldSecret.Id).
|
||||
Set("signEnabled", signEnabled).
|
||||
Set("signSecret", signSecret).
|
||||
Set("signUpdatedAt", now).
|
||||
Set("updatedAt", now).
|
||||
Set("state", HTTPDNSAppSecretStateEnabled).
|
||||
Update()
|
||||
return signSecret, now, err
|
||||
}
|
||||
|
||||
var op = NewHTTPDNSAppSecretOperator()
|
||||
op.AppId = appDbId
|
||||
op.SignEnabled = signEnabled
|
||||
@@ -45,7 +66,7 @@ func (this *HTTPDNSAppSecretDAO) InitAppSecret(tx *dbs.Tx, appDbId int64, signEn
|
||||
op.SignUpdatedAt = now
|
||||
op.UpdatedAt = now
|
||||
op.State = HTTPDNSAppSecretStateEnabled
|
||||
err := this.Save(tx, op)
|
||||
err = this.Save(tx, op)
|
||||
return signSecret, now, err
|
||||
}
|
||||
|
||||
|
||||
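Review bot: The new lookup in InitAppSecret has no state filter, so it also matches a row that is already enabled and overwrites its signSecret, although the comment describes the branch as recovery for a leftover, possibly disabled, row. CreateHTTPDNSApp on this page calls it only after FindEnabledAppSecret returned nil, but the DAO itself does not enforce that, and any other caller would silently rotate a live signing secret. I would take the restore path only when `oldSecret.State != HTTPDNSAppSecretStateEnabled` (assuming the model exposes State as the operator does) and return an error otherwise. The doc comment should say that the function replaces the stored secret.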
@@ -152,6 +152,22 @@ func (this *HTTPDNSClusterDAO) FindAllEnabledClusters(tx *dbs.Tx) (result []*HTT
|
||||
return
|
||||
}
|
||||
|
||||
func (this *HTTPDNSClusterDAO) FindDefaultPrimaryClusterId(tx *dbs.Tx) (int64, error) {
|
||||
col, err := this.Query(tx).
|
||||
State(HTTPDNSClusterStateEnabled).
|
||||
Attr("isDefault", true).
|
||||
Result("id").
|
||||
AscPk().
|
||||
FindCol(nil)
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
if col == nil {
|
||||
return 0, nil
|
||||
}
|
||||
return types.Int64(col), nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSClusterDAO) UpdateDefaultCluster(tx *dbs.Tx, clusterId int64) error {
|
||||
err := this.Query(tx).
|
||||
State(HTTPDNSClusterStateEnabled).
|
||||
|
||||
@@ -104,11 +104,16 @@ func (i *HTTPDNSNodeInstaller) Install(dir string, params interface{}, installSt
|
||||
_, _, _ = i.client.Exec("chown " + i.client.User() + " " + filepath.Dir(configFile))
|
||||
}
|
||||
|
||||
listenAddr := strings.TrimSpace(nodeParams.HTTPDNSListenAddr)
|
||||
if len(listenAddr) == 0 {
|
||||
listenAddr = ":443"
|
||||
}
|
||||
|
||||
configData := []byte(`rpc.endpoints: [ ${endpoints} ]
|
||||
nodeId: "${nodeId}"
|
||||
secret: "${nodeSecret}"
|
||||
|
||||
https.listenAddr: ":443"
|
||||
https.listenAddr: "${listenAddr}"
|
||||
https.cert: "${certFile}"
|
||||
https.key: "${keyFile}"`)
|
||||
certFileClean := strings.ReplaceAll(certFile, "\\", "/")
|
||||
@@ -117,6 +122,7 @@ https.key: "${keyFile}"`)
|
||||
configData = bytes.ReplaceAll(configData, []byte("${endpoints}"), []byte(nodeParams.QuoteEndpoints()))
|
||||
configData = bytes.ReplaceAll(configData, []byte("${nodeId}"), []byte(nodeParams.NodeId))
|
||||
configData = bytes.ReplaceAll(configData, []byte("${nodeSecret}"), []byte(nodeParams.Secret))
|
||||
configData = bytes.ReplaceAll(configData, []byte("${listenAddr}"), []byte(listenAddr))
|
||||
configData = bytes.ReplaceAll(configData, []byte("${certFile}"), []byte(certFileClean))
|
||||
configData = bytes.ReplaceAll(configData, []byte("${keyFile}"), []byte(keyFileClean))
|
||||
|
||||
|
||||
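Review bot: listenAddr is substituted into the double-quoted `https.listenAddr` value with bytes.ReplaceAll and no escaping, so a double quote, backslash or line break in it would change the structure of the generated config file. The value comes from the cluster TLS policy through resolveClusterTLSListenAddr (later on this page), which only trims listen.Host before net.JoinHostPort. I would reject such input before templating with a guard on `strings.ContainsAny(listenAddr, "\"\\\r\n")` that returns an install error, or validate Host as an IP or hostname where it is resolved. The other placeholders are replaced the same way and would benefit from the same check. Install's body starts and ends outside the hunk.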
@@ -6,12 +6,13 @@ import (
|
||||
)
|
||||
|
||||
type NodeParams struct {
|
||||
Endpoints []string
|
||||
NodeId string
|
||||
Secret string
|
||||
TLSCertData []byte
|
||||
TLSKeyData []byte
|
||||
IsUpgrading bool // 是否为升级
|
||||
Endpoints []string
|
||||
NodeId string
|
||||
Secret string
|
||||
TLSCertData []byte
|
||||
TLSKeyData []byte
|
||||
HTTPDNSListenAddr string
|
||||
IsUpgrading bool // 是否为升级
|
||||
}
|
||||
|
||||
func (this *NodeParams) Validate() error {
|
||||
|
||||
@@ -1,15 +1,19 @@
|
||||
package installers
|
||||
package installers
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/goman"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/utils"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
|
||||
"github.com/iwind/TeaGo/logs"
|
||||
"github.com/iwind/TeaGo/maps"
|
||||
@@ -136,14 +140,20 @@ func (q *HTTPDNSNodeQueue) InstallNode(nodeId int64, installStatus *models.NodeI
|
||||
installStatus.ErrorCode = "EMPTY_TLS_CERT"
|
||||
return err
|
||||
}
|
||||
httpdnsListenAddr, err := q.resolveClusterTLSListenAddr(cluster)
|
||||
if err != nil {
|
||||
installStatus.ErrorCode = "INVALID_TLS_LISTEN"
|
||||
return err
|
||||
}
|
||||
|
||||
params := &NodeParams{
|
||||
Endpoints: apiEndpoints,
|
||||
NodeId: node.UniqueId,
|
||||
Secret: node.Secret,
|
||||
TLSCertData: tlsCertData,
|
||||
TLSKeyData: tlsKeyData,
|
||||
IsUpgrading: isUpgrading,
|
||||
Endpoints: apiEndpoints,
|
||||
NodeId: node.UniqueId,
|
||||
Secret: node.Secret,
|
||||
TLSCertData: tlsCertData,
|
||||
TLSKeyData: tlsKeyData,
|
||||
HTTPDNSListenAddr: httpdnsListenAddr,
|
||||
IsUpgrading: isUpgrading,
|
||||
}
|
||||
|
||||
installer := &HTTPDNSNodeInstaller{}
|
||||
@@ -246,6 +256,37 @@ func (q *HTTPDNSNodeQueue) resolveClusterTLSCertPair(cluster *models.HTTPDNSClus
|
||||
return nil, nil, errors.New("cluster tls certificate is not configured")
|
||||
}
|
||||
|
||||
func (q *HTTPDNSNodeQueue) resolveClusterTLSListenAddr(cluster *models.HTTPDNSCluster) (string, error) {
|
||||
const defaultListenAddr = ":443"
|
||||
|
||||
if cluster == nil || len(cluster.TLSPolicy) == 0 {
|
||||
return defaultListenAddr, nil
|
||||
}
|
||||
|
||||
tlsConfig, err := serverconfigs.NewTLSProtocolConfigFromJSON(cluster.TLSPolicy)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("decode cluster tls listen failed: %w", err)
|
||||
}
|
||||
|
||||
for _, listen := range tlsConfig.Listen {
|
||||
if listen == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if err := listen.Init(); err != nil {
|
||||
return "", fmt.Errorf("invalid cluster tls listen address '%s': %w", listen.PortRange, err)
|
||||
}
|
||||
if listen.MinPort <= 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
host := strings.TrimSpace(listen.Host)
|
||||
return net.JoinHostPort(host, strconv.Itoa(listen.MinPort)), nil
|
||||
}
|
||||
|
||||
return defaultListenAddr, nil
|
||||
}
|
||||
|
||||
func (q *HTTPDNSNodeQueue) parseSSHInfo(node *models.HTTPDNSNode) (string, int, int64, error) {
|
||||
if node == nil {
|
||||
return "", 0, 0, errors.New("node should not be nil")
|
||||
|
||||
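Review bot: resolveClusterTLSListenAddr has no doc comment, and its selection rule is easy to misread: it returns the first Listen entry whose MinPort is positive, uses only MinPort of a port range, ignores any further entries, and falls back to `:443`. I would add `// resolveClusterTLSListenAddr returns the first usable listen address from the cluster TLS policy (Host plus MinPort), or ":443" when none is configured.` An operator who configures several listen entries or a range otherwise gets a node bound to a single port with nothing recording that the rest were dropped.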
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"log"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/clickhouse"
|
||||
@@ -132,16 +133,43 @@ func (s *HTTPDNSAccessLogService) CreateHTTPDNSAccessLogs(ctx context.Context, r
|
||||
}
|
||||
|
||||
func (s *HTTPDNSAccessLogService) ListHTTPDNSAccessLogs(ctx context.Context, req *pb.ListHTTPDNSAccessLogsRequest) (*pb.ListHTTPDNSAccessLogsResponse, error) {
|
||||
_, _, err := s.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := s.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
allowedAppIds := []string(nil)
|
||||
if userId > 0 {
|
||||
if len(strings.TrimSpace(req.GetAppId())) > 0 {
|
||||
app, err := ensureAppAccessByAppId(s.NullTx(), req.GetAppId(), userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return &pb.ListHTTPDNSAccessLogsResponse{
|
||||
Logs: []*pb.HTTPDNSAccessLog{},
|
||||
Total: 0,
|
||||
}, nil
|
||||
}
|
||||
} else {
|
||||
allowedAppIds, err = models.SharedHTTPDNSAppDAO.ListEnabledAppIdsWithUser(s.NullTx(), userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(allowedAppIds) == 0 {
|
||||
return &pb.ListHTTPDNSAccessLogsResponse{
|
||||
Logs: []*pb.HTTPDNSAccessLog{},
|
||||
Total: 0,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
store := clickhouse.NewHTTPDNSAccessLogsStore()
|
||||
canReadFromClickHouse := s.shouldReadHTTPDNSAccessLogsFromClickHouse() && store.Client().IsConfigured()
|
||||
canReadFromMySQL := s.shouldReadHTTPDNSAccessLogsFromMySQL()
|
||||
if canReadFromClickHouse {
|
||||
resp, listErr := s.listFromClickHouse(ctx, store, req)
|
||||
resp, listErr := s.listFromClickHouse(ctx, store, req, allowedAppIds)
|
||||
if listErr == nil {
|
||||
return resp, nil
|
||||
}
|
||||
@@ -158,11 +186,11 @@ func (s *HTTPDNSAccessLogService) ListHTTPDNSAccessLogs(ctx context.Context, req
|
||||
}, nil
|
||||
}
|
||||
|
||||
total, err := models.SharedHTTPDNSAccessLogDAO.CountLogs(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), req.GetDomain(), req.GetStatus(), req.GetKeyword())
|
||||
total, err := models.SharedHTTPDNSAccessLogDAO.CountLogsWithAppIds(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), allowedAppIds, req.GetDomain(), req.GetStatus(), req.GetKeyword())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
logs, err := models.SharedHTTPDNSAccessLogDAO.ListLogs(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), req.GetDomain(), req.GetStatus(), req.GetKeyword(), req.GetOffset(), req.GetSize())
|
||||
logs, err := models.SharedHTTPDNSAccessLogDAO.ListLogsWithAppIds(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), allowedAppIds, req.GetDomain(), req.GetStatus(), req.GetKeyword(), req.GetOffset(), req.GetSize())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -212,12 +240,13 @@ func (s *HTTPDNSAccessLogService) ListHTTPDNSAccessLogs(ctx context.Context, req
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *HTTPDNSAccessLogService) listFromClickHouse(ctx context.Context, store *clickhouse.HTTPDNSAccessLogsStore, req *pb.ListHTTPDNSAccessLogsRequest) (*pb.ListHTTPDNSAccessLogsResponse, error) {
|
||||
func (s *HTTPDNSAccessLogService) listFromClickHouse(ctx context.Context, store *clickhouse.HTTPDNSAccessLogsStore, req *pb.ListHTTPDNSAccessLogsRequest, allowedAppIds []string) (*pb.ListHTTPDNSAccessLogsResponse, error) {
|
||||
filter := clickhouse.HTTPDNSAccessLogListFilter{
|
||||
Day: req.GetDay(),
|
||||
ClusterId: req.GetClusterId(),
|
||||
NodeId: req.GetNodeId(),
|
||||
AppId: req.GetAppId(),
|
||||
AppIds: allowedAppIds,
|
||||
Domain: req.GetDomain(),
|
||||
Status: req.GetStatus(),
|
||||
Keyword: req.GetKeyword(),
|
||||
|
||||
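Review bot: In ListHTTPDNSAccessLogs the branch is chosen on `strings.TrimSpace(req.GetAppId())`, but the untrimmed `req.GetAppId()` is what goes to ensureAppAccessByAppId and later into the filter and the CountLogsWithAppIds/ListLogsWithAppIds calls, while the ClickHouse store trims it again. The access check and the query should see the same string, so normalise once with `appId := strings.TrimSpace(req.GetAppId())` and pass `appId` to the check, to the filter's AppId and to both DAO calls. ensureAppAccessByAppId is defined outside this view, so whether it trims internally is not visible. The function body continues outside the hunks.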
@@ -5,8 +5,11 @@ import (
|
||||
"errors"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/rpc/services"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
|
||||
"github.com/iwind/TeaGo/dbs"
|
||||
"github.com/iwind/TeaGo/types"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
||||
)
|
||||
@@ -18,19 +21,44 @@ type HTTPDNSAppService struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) CreateHTTPDNSApp(ctx context.Context, req *pb.CreateHTTPDNSAppRequest) (*pb.CreateHTTPDNSAppResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(req.Name) == 0 || len(req.AppId) == 0 {
|
||||
if userId > 0 {
|
||||
req.UserId = userId
|
||||
}
|
||||
appName := strings.TrimSpace(req.Name)
|
||||
appId := strings.TrimSpace(req.AppId)
|
||||
if len(appName) == 0 || len(appId) == 0 {
|
||||
return nil, errors.New("required 'name' and 'appId'")
|
||||
}
|
||||
if req.PrimaryClusterId <= 0 {
|
||||
return nil, errors.New("required 'primaryClusterId'")
|
||||
}
|
||||
var appDbId int64
|
||||
now := time.Now().Unix()
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
exists, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, strings.TrimSpace(req.AppId))
|
||||
// 用户端防重复提交:短时间内同用户同应用名仅创建一次。
|
||||
if req.UserId > 0 {
|
||||
latest, err := models.SharedHTTPDNSAppDAO.FindLatestEnabledAppWithNameAndUser(tx, appName, req.UserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if latest != nil && int64(latest.CreatedAt) >= now-5 {
|
||||
appDbId = int64(latest.Id)
|
||||
secret, err := models.SharedHTTPDNSAppSecretDAO.FindEnabledAppSecret(tx, appDbId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if secret == nil {
|
||||
_, _, err = models.SharedHTTPDNSAppSecretDAO.InitAppSecret(tx, appDbId, req.SignEnabled)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
exists, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, appId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -38,7 +66,25 @@ func (this *HTTPDNSAppService) CreateHTTPDNSApp(ctx context.Context, req *pb.Cre
|
||||
return errors.New("appId already exists")
|
||||
}
|
||||
|
||||
appDbId, err = models.SharedHTTPDNSAppDAO.CreateApp(tx, req.Name, strings.TrimSpace(req.AppId), req.PrimaryClusterId, req.BackupClusterId, req.IsOn, req.UserId)
|
||||
primaryClusterId := req.PrimaryClusterId
|
||||
backupClusterId := req.BackupClusterId
|
||||
if primaryClusterId <= 0 || backupClusterId <= 0 {
|
||||
defaultPrimaryClusterId, defaultBackupClusterId, err := readHTTPDNSDefaultClusterIds(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if primaryClusterId <= 0 {
|
||||
primaryClusterId = defaultPrimaryClusterId
|
||||
}
|
||||
if backupClusterId <= 0 {
|
||||
backupClusterId = defaultBackupClusterId
|
||||
}
|
||||
}
|
||||
if primaryClusterId > 0 && backupClusterId == primaryClusterId {
|
||||
backupClusterId = 0
|
||||
}
|
||||
|
||||
appDbId, err = models.SharedHTTPDNSAppDAO.CreateApp(tx, appName, appId, primaryClusterId, backupClusterId, req.IsOn, req.UserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -54,13 +100,53 @@ func (this *HTTPDNSAppService) CreateHTTPDNSApp(ctx context.Context, req *pb.Cre
|
||||
return &pb.CreateHTTPDNSAppResponse{AppDbId: appDbId}, nil
|
||||
}
|
||||
|
||||
func readHTTPDNSDefaultClusterIds(tx *dbs.Tx) (primaryClusterId int64, backupClusterId int64, err error) {
|
||||
primaryClusterId, err = models.SharedHTTPDNSClusterDAO.FindDefaultPrimaryClusterId(tx)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
|
||||
backupClusterId = 0
|
||||
backupValueJSON, err := models.SharedSysSettingDAO.ReadSetting(tx, systemconfigs.SettingCodeHTTPDNSDefaultBackupClusterId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
if len(backupValueJSON) > 0 {
|
||||
backupClusterId = types.Int64(string(backupValueJSON))
|
||||
}
|
||||
if backupClusterId > 0 {
|
||||
backupCluster, err := models.SharedHTTPDNSClusterDAO.FindEnabledCluster(tx, backupClusterId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
if backupCluster == nil || !backupCluster.IsOn {
|
||||
backupClusterId = 0
|
||||
}
|
||||
}
|
||||
|
||||
if primaryClusterId > 0 {
|
||||
primaryCluster, err := models.SharedHTTPDNSClusterDAO.FindEnabledCluster(tx, primaryClusterId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
if primaryCluster == nil || !primaryCluster.IsOn {
|
||||
primaryClusterId = 0
|
||||
}
|
||||
}
|
||||
|
||||
if primaryClusterId > 0 && backupClusterId == primaryClusterId {
|
||||
backupClusterId = 0
|
||||
}
|
||||
return primaryClusterId, backupClusterId, nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) UpdateHTTPDNSApp(ctx context.Context, req *pb.UpdateHTTPDNSAppRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
oldApp, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, req.AppDbId)
|
||||
oldApp, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -68,7 +154,20 @@ func (this *HTTPDNSAppService) UpdateHTTPDNSApp(ctx context.Context, req *pb.Upd
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
err = models.SharedHTTPDNSAppDAO.UpdateApp(tx, req.AppDbId, req.Name, req.PrimaryClusterId, req.BackupClusterId, req.IsOn, req.UserId)
|
||||
targetUserId := req.UserId
|
||||
if targetUserId <= 0 {
|
||||
targetUserId = oldApp.UserId
|
||||
}
|
||||
if userId > 0 {
|
||||
targetUserId = userId
|
||||
}
|
||||
primaryClusterId := req.PrimaryClusterId
|
||||
backupClusterId := req.BackupClusterId
|
||||
if primaryClusterId > 0 && backupClusterId == primaryClusterId {
|
||||
backupClusterId = 0
|
||||
}
|
||||
|
||||
err = models.SharedHTTPDNSAppDAO.UpdateApp(tx, req.AppDbId, req.Name, primaryClusterId, backupClusterId, req.IsOn, targetUserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -86,12 +185,12 @@ func (this *HTTPDNSAppService) UpdateHTTPDNSApp(ctx context.Context, req *pb.Upd
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) DeleteHTTPDNSApp(ctx context.Context, req *pb.DeleteHTTPDNSAppRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, req.AppDbId)
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -146,14 +245,17 @@ func (this *HTTPDNSAppService) DeleteHTTPDNSApp(ctx context.Context, req *pb.Del
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) FindHTTPDNSApp(ctx context.Context, req *pb.FindHTTPDNSAppRequest) (*pb.FindHTTPDNSAppResponse, error) {
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(this.NullTx(), req.AppDbId)
|
||||
app, err := ensureAppAccess(this.NullTx(), req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return &pb.FindHTTPDNSAppResponse{}, nil
|
||||
}
|
||||
secret, err := models.SharedHTTPDNSAppSecretDAO.FindEnabledAppSecret(this.NullTx(), req.AppDbId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -162,11 +264,16 @@ func (this *HTTPDNSAppService) FindHTTPDNSApp(ctx context.Context, req *pb.FindH
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) ListHTTPDNSApps(ctx context.Context, req *pb.ListHTTPDNSAppsRequest) (*pb.ListHTTPDNSAppsResponse, error) {
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
apps, err := models.SharedHTTPDNSAppDAO.ListEnabledApps(this.NullTx(), req.Offset, req.Size, req.Keyword)
|
||||
var apps []*models.HTTPDNSApp
|
||||
if userId > 0 {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.ListEnabledAppsWithUser(this.NullTx(), userId, req.Offset, req.Size, req.Keyword)
|
||||
} else {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.ListEnabledApps(this.NullTx(), req.Offset, req.Size, req.Keyword)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -182,13 +289,19 @@ func (this *HTTPDNSAppService) ListHTTPDNSApps(ctx context.Context, req *pb.List
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) FindAllHTTPDNSApps(ctx context.Context, req *pb.FindAllHTTPDNSAppsRequest) (*pb.FindAllHTTPDNSAppsResponse, error) {
|
||||
_, _, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
if validateErr != nil {
|
||||
if _, nodeErr := this.ValidateHTTPDNSNode(ctx); nodeErr != nil {
|
||||
return nil, validateErr
|
||||
}
|
||||
}
|
||||
apps, err := models.SharedHTTPDNSAppDAO.FindAllEnabledApps(this.NullTx())
|
||||
var apps []*models.HTTPDNSApp
|
||||
var err error
|
||||
if validateErr == nil && userId > 0 {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.FindAllEnabledAppsWithUser(this.NullTx(), userId)
|
||||
} else {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.FindAllEnabledApps(this.NullTx())
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -204,12 +317,20 @@ func (this *HTTPDNSAppService) FindAllHTTPDNSApps(ctx context.Context, req *pb.F
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) UpdateHTTPDNSAppSignEnabled(ctx context.Context, req *pb.UpdateHTTPDNSAppSignEnabledRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
err := models.SharedHTTPDNSAppSecretDAO.UpdateSignEnabled(tx, req.AppDbId, req.SignEnabled)
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app == nil {
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
err = models.SharedHTTPDNSAppSecretDAO.UpdateSignEnabled(tx, req.AppDbId, req.SignEnabled)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -222,14 +343,21 @@ func (this *HTTPDNSAppService) UpdateHTTPDNSAppSignEnabled(ctx context.Context,
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) ResetHTTPDNSAppSignSecret(ctx context.Context, req *pb.ResetHTTPDNSAppSignSecretRequest) (*pb.ResetHTTPDNSAppSignSecretResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var signSecret string
|
||||
var updatedAt int64
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
var err error
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app == nil {
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
signSecret, updatedAt, err = models.SharedHTTPDNSAppSecretDAO.ResetSignSecret(tx, req.AppDbId)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
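Review bot: CreateHTTPDNSApp and UpdateHTTPDNSApp now accept user callers, but `req.PrimaryClusterId` and `req.BackupClusterId` still reach CreateApp/UpdateApp as sent; only the default ids are checked, in readHTTPDNSDefaultClusterIds with FindEnabledCluster and IsOn. Unless the DAO validates them (not visible here), a user can bind an app to any cluster id, including a disabled or non-existent one. I would run request-supplied ids through the same check before the write, as sketched below for the create path; UpdateHTTPDNSApp needs the same. Whether clusters are meant to be usable by every user is not visible on this page, so an ownership check may be needed on top.

```go
// … unchanged: fallback to default cluster ids and the primary == backup reset …
for _, clusterId := range []int64{primaryClusterId, backupClusterId} {
	if clusterId <= 0 {
		continue
	}
	cluster, err := models.SharedHTTPDNSClusterDAO.FindEnabledCluster(tx, clusterId)
	if err != nil {
		return err
	}
	if cluster == nil || !cluster.IsOn {
		return errors.New("cluster not found")
	}
}
appDbId, err = models.SharedHTTPDNSAppDAO.CreateApp(tx, appName, appId, primaryClusterId, backupClusterId, req.IsOn, req.UserId)
```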
@@ -16,7 +16,7 @@ type HTTPDNSDomainService struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) CreateHTTPDNSDomain(ctx context.Context, req *pb.CreateHTTPDNSDomainRequest) (*pb.CreateHTTPDNSDomainResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -25,6 +25,14 @@ func (this *HTTPDNSDomainService) CreateHTTPDNSDomain(ctx context.Context, req *
|
||||
}
|
||||
var domainId int64
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app == nil {
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
domainId, err = models.SharedHTTPDNSDomainDAO.CreateDomain(tx, req.AppDbId, req.Domain, req.IsOn)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -38,12 +46,12 @@ func (this *HTTPDNSDomainService) CreateHTTPDNSDomain(ctx context.Context, req *
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) DeleteHTTPDNSDomain(ctx context.Context, req *pb.DeleteHTTPDNSDomainRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, req.DomainId)
|
||||
domain, app, err := ensureDomainAccess(tx, req.DomainId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -55,7 +63,7 @@ func (this *HTTPDNSDomainService) DeleteHTTPDNSDomain(ctx context.Context, req *
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(domain.AppId), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -64,12 +72,12 @@ func (this *HTTPDNSDomainService) DeleteHTTPDNSDomain(ctx context.Context, req *
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) UpdateHTTPDNSDomainStatus(ctx context.Context, req *pb.UpdateHTTPDNSDomainStatusRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, req.DomainId)
|
||||
domain, app, err := ensureDomainAccess(tx, req.DomainId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -81,7 +89,7 @@ func (this *HTTPDNSDomainService) UpdateHTTPDNSDomainStatus(ctx context.Context,
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(domain.AppId), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -90,11 +98,19 @@ func (this *HTTPDNSDomainService) UpdateHTTPDNSDomainStatus(ctx context.Context,
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) ListHTTPDNSDomainsWithAppId(ctx context.Context, req *pb.ListHTTPDNSDomainsWithAppIdRequest) (*pb.ListHTTPDNSDomainsWithAppIdResponse, error) {
|
||||
_, _, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
if validateErr != nil {
|
||||
if _, nodeErr := this.ValidateHTTPDNSNode(ctx); nodeErr != nil {
|
||||
return nil, validateErr
|
||||
}
|
||||
} else if userId > 0 {
|
||||
app, err := ensureAppAccess(this.NullTx(), req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return &pb.ListHTTPDNSDomainsWithAppIdResponse{}, nil
|
||||
}
|
||||
}
|
||||
domains, err := models.SharedHTTPDNSDomainDAO.ListEnabledDomainsWithAppId(this.NullTx(), req.AppDbId, req.Keyword)
|
||||
if err != nil {
|
||||
|
||||
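Review bot: For a user-role caller the new checks answer differently for an app that does not exist and for one owned by someone else, which lets the caller learn which app ids are in use. In CreateHTTPDNSDomain a missing app gives "app not found" while ensureAppAccess returns "access denied" for a foreign one, and ListHTTPDNSDomainsWithAppId returns an empty response in the first case and that error in the second. Giving both cases the same result would remove the difference, for example `return nil, nil` in the ownership branch of ensureAppAccess so callers take their existing not-found path. The same pattern appears in ensureAppAccessByAppId and in the inline check in TestHTTPDNSResolve. The handler bodies continue outside the visible hunks, so their nil handling would need checking before such a change.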
@@ -16,7 +16,7 @@ type HTTPDNSRuleService struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req *pb.CreateHTTPDNSCustomRuleRequest) (*pb.CreateHTTPDNSCustomRuleResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -25,8 +25,16 @@ func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
var ruleId int64
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
domain, app, err := ensureDomainAccess(tx, req.Rule.DomainId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if domain == nil || app == nil {
|
||||
return errors.New("domain not found")
|
||||
}
|
||||
|
||||
rule := &models.HTTPDNSCustomRule{
|
||||
AppId: uint32(req.Rule.AppId),
|
||||
AppId: domain.AppId,
|
||||
DomainId: uint32(req.Rule.DomainId),
|
||||
RuleName: req.Rule.RuleName,
|
||||
LineScope: req.Rule.LineScope,
|
||||
@@ -49,7 +57,7 @@ func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req
|
||||
return err
|
||||
}
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, req.Rule.AppId, models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -58,7 +66,7 @@ func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req *pb.UpdateHTTPDNSCustomRuleRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -66,7 +74,7 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req
|
||||
return nil, errors.New("invalid 'rule.id'")
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
oldRule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, req.Rule.Id)
|
||||
oldRule, app, err := ensureRuleAccess(tx, req.Rule.Id, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -101,15 +109,12 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req
|
||||
return err
|
||||
}
|
||||
}
|
||||
err = notifyHTTPDNSAppTasksByAppDbId(tx, int64(oldRule.AppId), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
err = notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
targetAppDbId := req.Rule.AppId
|
||||
if targetAppDbId <= 0 {
|
||||
targetAppDbId = int64(oldRule.AppId)
|
||||
}
|
||||
targetAppDbId := int64(app.Id)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, targetAppDbId, models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
@@ -119,12 +124,12 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) DeleteHTTPDNSCustomRule(ctx context.Context, req *pb.DeleteHTTPDNSCustomRuleRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, req.RuleId)
|
||||
rule, app, err := ensureRuleAccess(tx, req.RuleId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -136,7 +141,7 @@ func (this *HTTPDNSRuleService) DeleteHTTPDNSCustomRule(ctx context.Context, req
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(rule.AppId), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -145,12 +150,12 @@ func (this *HTTPDNSRuleService) DeleteHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRuleStatus(ctx context.Context, req *pb.UpdateHTTPDNSCustomRuleStatusRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, req.RuleId)
|
||||
rule, app, err := ensureRuleAccess(tx, req.RuleId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -162,7 +167,7 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRuleStatus(ctx context.Contex
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(rule.AppId), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -171,11 +176,19 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRuleStatus(ctx context.Contex
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) ListHTTPDNSCustomRulesWithDomainId(ctx context.Context, req *pb.ListHTTPDNSCustomRulesWithDomainIdRequest) (*pb.ListHTTPDNSCustomRulesWithDomainIdResponse, error) {
|
||||
_, _, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
if validateErr != nil {
|
||||
if _, nodeErr := this.ValidateHTTPDNSNode(ctx); nodeErr != nil {
|
||||
return nil, validateErr
|
||||
}
|
||||
} else if userId > 0 {
|
||||
domain, _, err := ensureDomainAccess(this.NullTx(), req.DomainId, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if domain == nil {
|
||||
return &pb.ListHTTPDNSCustomRulesWithDomainIdResponse{}, nil
|
||||
}
|
||||
}
|
||||
rules, err := models.SharedHTTPDNSCustomRuleDAO.ListEnabledRulesWithDomainId(this.NullTx(), req.DomainId)
|
||||
if err != nil {
|
||||
|
||||
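Review bot: In UpdateHTTPDNSCustomRule the new side notifies the same app twice: `err = notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), ...)` is followed by `targetAppDbId := int64(app.Id)` and a second call with that value. The first call and its error check can go, leaving `return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)`. The removed fallback took the target from req.Rule.AppId, which suggests a rule could be moved to another app; the update body lies between the hunks and is not visible, so if it still writes req.Rule.AppId or req.Rule.DomainId into the rule, that target needs to pass ensureDomainAccess for the same userId. In CreateHTTPDNSCustomRule the stored DomainId is still `uint32(req.Rule.DomainId)` while AppId now comes from the checked record; taking the domain id from `domain` as well would keep both fields tied to the row that passed the check.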
@@ -60,7 +60,7 @@ type nodeClientInfo struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSSandboxService) TestHTTPDNSResolve(ctx context.Context, req *pb.TestHTTPDNSResolveRequest) (*pb.TestHTTPDNSResolveResponse, error) {
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -73,6 +73,9 @@ func (this *HTTPDNSSandboxService) TestHTTPDNSResolve(ctx context.Context, req *
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if userId > 0 && app != nil && app.UserId != userId {
|
||||
return nil, errors.New("access denied")
|
||||
}
|
||||
if app == nil || !app.IsOn {
|
||||
return &pb.TestHTTPDNSResolveResponse{
|
||||
Code: "APP_NOT_FOUND_OR_DISABLED",
|
||||
|
||||
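Review bot: The ownership test added as `if userId > 0 && app != nil && app.UserId != userId` repeats the rule that ensureAppAccessByAppId in user_auth_helpers.go already encodes, so a later change to that rule has to be made in two places. The lookup that produces `app` sits above the hunk and is not visible here; if it can go through the helper, the inline test disappears. Otherwise a comment such as `// same ownership rule as ensureAppAccess; userId <= 0 skips the check` would tie the two together.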
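--- /dev/null
+++ b/EdgeAPI/internal/rpc/services/httpdns/user_auth_helpers.go
@@ -0,0 +1,81 @@
+package httpdns
+
+import (
+"errors"
+"strings"
+
+"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+"github.com/iwind/TeaGo/dbs"
+)
+
+func ensureAppAccess(tx *dbs.Tx, appDbId int64, userId int64) (*models.HTTPDNSApp, error) {
+app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, appDbId)
+if err != nil {
+return nil, err
+}
+if app == nil {
+return nil, nil
+}
+if userId > 0 && app.UserId != userId {
+return nil, errors.New("access denied")
+}
+return app, nil
+}
+
+func ensureAppAccessByAppId(tx *dbs.Tx, appId string, userId int64) (*models.HTTPDNSApp, error) {
+appId = strings.TrimSpace(appId)
+if len(appId) == 0 {
+return nil, nil
+}
+app, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, appId)
+if err != nil {
+return nil, err
+}
+if app == nil {
+return nil, nil
+}
+if userId > 0 && app.UserId != userId {
+return nil, errors.New("access denied")
+}
+return app, nil
+}
+
+func ensureDomainAccess(tx *dbs.Tx, domainId int64, userId int64) (*models.HTTPDNSDomain, *models.HTTPDNSApp, error) {
+domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, domainId)
+if err != nil {
+return nil, nil, err
+}
+if domain == nil {
+return nil, nil, nil
+}
+
+app, err := ensureAppAccess(tx, int64(domain.AppId), userId)
+if err != nil {
+return nil, nil, err
+}
+if app == nil {
+return nil, nil, nil
+}
+
+return domain, app, nil
+}
+
+func ensureRuleAccess(tx *dbs.Tx, ruleId int64, userId int64) (*models.HTTPDNSCustomRule, *models.HTTPDNSApp, error) {
+rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, ruleId)
+if err != nil {
+return nil, nil, err
+}
+if rule == nil {
+return nil, nil, nil
+}
+
+app, err := ensureAppAccess(tx, int64(rule.AppId), userId)
+if err != nil {
+return nil, nil, err
+}
+if app == nil {
+return nil, nil, nil
+}
+
+return rule, app, nil
+}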
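Review bot: None of the four helpers documents its three outcomes, and every caller depends on them. A record that is not found comes back as nil with a nil error, a record whose app belongs to another user comes back as the error "access denied", and `userId <= 0` skips the ownership test entirely. A doc comment on ensureAppAccess such as `// ensureAppAccess returns the app, (nil, nil) if none is found, or an error if userId > 0 and the app belongs to another user.` would make the nil check each caller must perform explicit, and the other three helpers should say the same. Because a non-positive userId bypasses the check, the comment should also state that callers pass the id obtained from ValidateAdminAndUser and never a value taken from the request.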
@@ -42,10 +42,10 @@ func EnsureClickHouseTables() error {
|
||||
firewall_rule_group_id UInt64 DEFAULT 0,
|
||||
firewall_rule_set_id UInt64 DEFAULT 0,
|
||||
firewall_rule_id UInt64 DEFAULT 0,
|
||||
request_headers String CODEC(ZSTD(3)) DEFAULT '',
|
||||
request_body String CODEC(ZSTD(3)) DEFAULT '',
|
||||
response_headers String CODEC(ZSTD(3)) DEFAULT '',
|
||||
response_body String CODEC(ZSTD(3)) DEFAULT '',
|
||||
request_headers String DEFAULT '' CODEC(ZSTD(3)),
|
||||
request_body String DEFAULT '' CODEC(ZSTD(3)),
|
||||
response_headers String DEFAULT '' CODEC(ZSTD(3)),
|
||||
response_body String DEFAULT '' CODEC(ZSTD(3)),
|
||||
INDEX idx_trace_id trace_id TYPE bloom_filter(0.01) GRANULARITY 4,
|
||||
INDEX idx_ip ip TYPE bloom_filter(0.01) GRANULARITY 4,
|
||||
INDEX idx_host host TYPE tokenbf_v1(10240, 3, 0) GRANULARITY 4,
|
||||
@@ -74,7 +74,7 @@ SETTINGS index_granularity = 8192`,
|
||||
is_recursive UInt8,
|
||||
error String CODEC(ZSTD(1)),
|
||||
ns_route_codes Array(String),
|
||||
content_json String CODEC(ZSTD(3)) DEFAULT '',
|
||||
content_json String DEFAULT '' CODEC(ZSTD(3)),
|
||||
INDEX idx_request_id request_id TYPE bloom_filter(0.01) GRANULARITY 4,
|
||||
INDEX idx_remote_addr remote_addr TYPE bloom_filter(0.01) GRANULARITY 4,
|
||||
INDEX idx_question_name question_name TYPE tokenbf_v1(10240, 3, 0) GRANULARITY 4,
|
||||
|
||||