带阿里标识的版本
This commit is contained in:
robin
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"log"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/clickhouse"
|
||||
@@ -132,16 +133,43 @@ func (s *HTTPDNSAccessLogService) CreateHTTPDNSAccessLogs(ctx context.Context, r
|
||||
}
|
||||
|
||||
func (s *HTTPDNSAccessLogService) ListHTTPDNSAccessLogs(ctx context.Context, req *pb.ListHTTPDNSAccessLogsRequest) (*pb.ListHTTPDNSAccessLogsResponse, error) {
|
||||
_, _, err := s.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := s.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
allowedAppIds := []string(nil)
|
||||
if userId > 0 {
|
||||
if len(strings.TrimSpace(req.GetAppId())) > 0 {
|
||||
app, err := ensureAppAccessByAppId(s.NullTx(), req.GetAppId(), userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return &pb.ListHTTPDNSAccessLogsResponse{
|
||||
Logs: []*pb.HTTPDNSAccessLog{},
|
||||
Total: 0,
|
||||
}, nil
|
||||
}
|
||||
} else {
|
||||
allowedAppIds, err = models.SharedHTTPDNSAppDAO.ListEnabledAppIdsWithUser(s.NullTx(), userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(allowedAppIds) == 0 {
|
||||
return &pb.ListHTTPDNSAccessLogsResponse{
|
||||
Logs: []*pb.HTTPDNSAccessLog{},
|
||||
Total: 0,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
store := clickhouse.NewHTTPDNSAccessLogsStore()
|
||||
canReadFromClickHouse := s.shouldReadHTTPDNSAccessLogsFromClickHouse() && store.Client().IsConfigured()
|
||||
canReadFromMySQL := s.shouldReadHTTPDNSAccessLogsFromMySQL()
|
||||
if canReadFromClickHouse {
|
||||
resp, listErr := s.listFromClickHouse(ctx, store, req)
|
||||
resp, listErr := s.listFromClickHouse(ctx, store, req, allowedAppIds)
|
||||
if listErr == nil {
|
||||
return resp, nil
|
||||
}
|
||||
@@ -158,11 +186,11 @@ func (s *HTTPDNSAccessLogService) ListHTTPDNSAccessLogs(ctx context.Context, req
|
||||
}, nil
|
||||
}
|
||||
|
||||
total, err := models.SharedHTTPDNSAccessLogDAO.CountLogs(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), req.GetDomain(), req.GetStatus(), req.GetKeyword())
|
||||
total, err := models.SharedHTTPDNSAccessLogDAO.CountLogsWithAppIds(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), allowedAppIds, req.GetDomain(), req.GetStatus(), req.GetKeyword())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
logs, err := models.SharedHTTPDNSAccessLogDAO.ListLogs(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), req.GetDomain(), req.GetStatus(), req.GetKeyword(), req.GetOffset(), req.GetSize())
|
||||
logs, err := models.SharedHTTPDNSAccessLogDAO.ListLogsWithAppIds(s.NullTx(), req.GetDay(), req.GetClusterId(), req.GetNodeId(), req.GetAppId(), allowedAppIds, req.GetDomain(), req.GetStatus(), req.GetKeyword(), req.GetOffset(), req.GetSize())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -212,12 +240,13 @@ func (s *HTTPDNSAccessLogService) ListHTTPDNSAccessLogs(ctx context.Context, req
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *HTTPDNSAccessLogService) listFromClickHouse(ctx context.Context, store *clickhouse.HTTPDNSAccessLogsStore, req *pb.ListHTTPDNSAccessLogsRequest) (*pb.ListHTTPDNSAccessLogsResponse, error) {
|
||||
func (s *HTTPDNSAccessLogService) listFromClickHouse(ctx context.Context, store *clickhouse.HTTPDNSAccessLogsStore, req *pb.ListHTTPDNSAccessLogsRequest, allowedAppIds []string) (*pb.ListHTTPDNSAccessLogsResponse, error) {
|
||||
filter := clickhouse.HTTPDNSAccessLogListFilter{
|
||||
Day: req.GetDay(),
|
||||
ClusterId: req.GetClusterId(),
|
||||
NodeId: req.GetNodeId(),
|
||||
AppId: req.GetAppId(),
|
||||
AppIds: allowedAppIds,
|
||||
Domain: req.GetDomain(),
|
||||
Status: req.GetStatus(),
|
||||
Keyword: req.GetKeyword(),
|
||||
|
||||
@@ -5,8 +5,11 @@ import (
|
||||
"errors"
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/rpc/services"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
||||
"github.com/TeaOSLab/EdgeCommon/pkg/systemconfigs"
|
||||
"github.com/iwind/TeaGo/dbs"
|
||||
"github.com/iwind/TeaGo/types"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
||||
)
|
||||
@@ -18,19 +21,44 @@ type HTTPDNSAppService struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) CreateHTTPDNSApp(ctx context.Context, req *pb.CreateHTTPDNSAppRequest) (*pb.CreateHTTPDNSAppResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(req.Name) == 0 || len(req.AppId) == 0 {
|
||||
if userId > 0 {
|
||||
req.UserId = userId
|
||||
}
|
||||
appName := strings.TrimSpace(req.Name)
|
||||
appId := strings.TrimSpace(req.AppId)
|
||||
if len(appName) == 0 || len(appId) == 0 {
|
||||
return nil, errors.New("required 'name' and 'appId'")
|
||||
}
|
||||
if req.PrimaryClusterId <= 0 {
|
||||
return nil, errors.New("required 'primaryClusterId'")
|
||||
}
|
||||
var appDbId int64
|
||||
now := time.Now().Unix()
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
exists, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, strings.TrimSpace(req.AppId))
|
||||
// 用户端防重复提交:短时间内同用户同应用名仅创建一次。
|
||||
if req.UserId > 0 {
|
||||
latest, err := models.SharedHTTPDNSAppDAO.FindLatestEnabledAppWithNameAndUser(tx, appName, req.UserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if latest != nil && int64(latest.CreatedAt) >= now-5 {
|
||||
appDbId = int64(latest.Id)
|
||||
secret, err := models.SharedHTTPDNSAppSecretDAO.FindEnabledAppSecret(tx, appDbId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if secret == nil {
|
||||
_, _, err = models.SharedHTTPDNSAppSecretDAO.InitAppSecret(tx, appDbId, req.SignEnabled)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
exists, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, appId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -38,7 +66,25 @@ func (this *HTTPDNSAppService) CreateHTTPDNSApp(ctx context.Context, req *pb.Cre
|
||||
return errors.New("appId already exists")
|
||||
}
|
||||
|
||||
appDbId, err = models.SharedHTTPDNSAppDAO.CreateApp(tx, req.Name, strings.TrimSpace(req.AppId), req.PrimaryClusterId, req.BackupClusterId, req.IsOn, req.UserId)
|
||||
primaryClusterId := req.PrimaryClusterId
|
||||
backupClusterId := req.BackupClusterId
|
||||
if primaryClusterId <= 0 || backupClusterId <= 0 {
|
||||
defaultPrimaryClusterId, defaultBackupClusterId, err := readHTTPDNSDefaultClusterIds(tx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if primaryClusterId <= 0 {
|
||||
primaryClusterId = defaultPrimaryClusterId
|
||||
}
|
||||
if backupClusterId <= 0 {
|
||||
backupClusterId = defaultBackupClusterId
|
||||
}
|
||||
}
|
||||
if primaryClusterId > 0 && backupClusterId == primaryClusterId {
|
||||
backupClusterId = 0
|
||||
}
|
||||
|
||||
appDbId, err = models.SharedHTTPDNSAppDAO.CreateApp(tx, appName, appId, primaryClusterId, backupClusterId, req.IsOn, req.UserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -54,13 +100,53 @@ func (this *HTTPDNSAppService) CreateHTTPDNSApp(ctx context.Context, req *pb.Cre
|
||||
return &pb.CreateHTTPDNSAppResponse{AppDbId: appDbId}, nil
|
||||
}
|
||||
|
||||
func readHTTPDNSDefaultClusterIds(tx *dbs.Tx) (primaryClusterId int64, backupClusterId int64, err error) {
|
||||
primaryClusterId, err = models.SharedHTTPDNSClusterDAO.FindDefaultPrimaryClusterId(tx)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
|
||||
backupClusterId = 0
|
||||
backupValueJSON, err := models.SharedSysSettingDAO.ReadSetting(tx, systemconfigs.SettingCodeHTTPDNSDefaultBackupClusterId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
if len(backupValueJSON) > 0 {
|
||||
backupClusterId = types.Int64(string(backupValueJSON))
|
||||
}
|
||||
if backupClusterId > 0 {
|
||||
backupCluster, err := models.SharedHTTPDNSClusterDAO.FindEnabledCluster(tx, backupClusterId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
if backupCluster == nil || !backupCluster.IsOn {
|
||||
backupClusterId = 0
|
||||
}
|
||||
}
|
||||
|
||||
if primaryClusterId > 0 {
|
||||
primaryCluster, err := models.SharedHTTPDNSClusterDAO.FindEnabledCluster(tx, primaryClusterId)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
if primaryCluster == nil || !primaryCluster.IsOn {
|
||||
primaryClusterId = 0
|
||||
}
|
||||
}
|
||||
|
||||
if primaryClusterId > 0 && backupClusterId == primaryClusterId {
|
||||
backupClusterId = 0
|
||||
}
|
||||
return primaryClusterId, backupClusterId, nil
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) UpdateHTTPDNSApp(ctx context.Context, req *pb.UpdateHTTPDNSAppRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
oldApp, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, req.AppDbId)
|
||||
oldApp, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -68,7 +154,20 @@ func (this *HTTPDNSAppService) UpdateHTTPDNSApp(ctx context.Context, req *pb.Upd
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
err = models.SharedHTTPDNSAppDAO.UpdateApp(tx, req.AppDbId, req.Name, req.PrimaryClusterId, req.BackupClusterId, req.IsOn, req.UserId)
|
||||
targetUserId := req.UserId
|
||||
if targetUserId <= 0 {
|
||||
targetUserId = oldApp.UserId
|
||||
}
|
||||
if userId > 0 {
|
||||
targetUserId = userId
|
||||
}
|
||||
primaryClusterId := req.PrimaryClusterId
|
||||
backupClusterId := req.BackupClusterId
|
||||
if primaryClusterId > 0 && backupClusterId == primaryClusterId {
|
||||
backupClusterId = 0
|
||||
}
|
||||
|
||||
err = models.SharedHTTPDNSAppDAO.UpdateApp(tx, req.AppDbId, req.Name, primaryClusterId, backupClusterId, req.IsOn, targetUserId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -86,12 +185,12 @@ func (this *HTTPDNSAppService) UpdateHTTPDNSApp(ctx context.Context, req *pb.Upd
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) DeleteHTTPDNSApp(ctx context.Context, req *pb.DeleteHTTPDNSAppRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, req.AppDbId)
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -146,14 +245,17 @@ func (this *HTTPDNSAppService) DeleteHTTPDNSApp(ctx context.Context, req *pb.Del
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) FindHTTPDNSApp(ctx context.Context, req *pb.FindHTTPDNSAppRequest) (*pb.FindHTTPDNSAppResponse, error) {
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(this.NullTx(), req.AppDbId)
|
||||
app, err := ensureAppAccess(this.NullTx(), req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return &pb.FindHTTPDNSAppResponse{}, nil
|
||||
}
|
||||
secret, err := models.SharedHTTPDNSAppSecretDAO.FindEnabledAppSecret(this.NullTx(), req.AppDbId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -162,11 +264,16 @@ func (this *HTTPDNSAppService) FindHTTPDNSApp(ctx context.Context, req *pb.FindH
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) ListHTTPDNSApps(ctx context.Context, req *pb.ListHTTPDNSAppsRequest) (*pb.ListHTTPDNSAppsResponse, error) {
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
apps, err := models.SharedHTTPDNSAppDAO.ListEnabledApps(this.NullTx(), req.Offset, req.Size, req.Keyword)
|
||||
var apps []*models.HTTPDNSApp
|
||||
if userId > 0 {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.ListEnabledAppsWithUser(this.NullTx(), userId, req.Offset, req.Size, req.Keyword)
|
||||
} else {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.ListEnabledApps(this.NullTx(), req.Offset, req.Size, req.Keyword)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -182,13 +289,19 @@ func (this *HTTPDNSAppService) ListHTTPDNSApps(ctx context.Context, req *pb.List
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) FindAllHTTPDNSApps(ctx context.Context, req *pb.FindAllHTTPDNSAppsRequest) (*pb.FindAllHTTPDNSAppsResponse, error) {
|
||||
_, _, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
if validateErr != nil {
|
||||
if _, nodeErr := this.ValidateHTTPDNSNode(ctx); nodeErr != nil {
|
||||
return nil, validateErr
|
||||
}
|
||||
}
|
||||
apps, err := models.SharedHTTPDNSAppDAO.FindAllEnabledApps(this.NullTx())
|
||||
var apps []*models.HTTPDNSApp
|
||||
var err error
|
||||
if validateErr == nil && userId > 0 {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.FindAllEnabledAppsWithUser(this.NullTx(), userId)
|
||||
} else {
|
||||
apps, err = models.SharedHTTPDNSAppDAO.FindAllEnabledApps(this.NullTx())
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -204,12 +317,20 @@ func (this *HTTPDNSAppService) FindAllHTTPDNSApps(ctx context.Context, req *pb.F
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) UpdateHTTPDNSAppSignEnabled(ctx context.Context, req *pb.UpdateHTTPDNSAppSignEnabledRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
err := models.SharedHTTPDNSAppSecretDAO.UpdateSignEnabled(tx, req.AppDbId, req.SignEnabled)
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app == nil {
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
err = models.SharedHTTPDNSAppSecretDAO.UpdateSignEnabled(tx, req.AppDbId, req.SignEnabled)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -222,14 +343,21 @@ func (this *HTTPDNSAppService) UpdateHTTPDNSAppSignEnabled(ctx context.Context,
|
||||
}
|
||||
|
||||
func (this *HTTPDNSAppService) ResetHTTPDNSAppSignSecret(ctx context.Context, req *pb.ResetHTTPDNSAppSignSecretRequest) (*pb.ResetHTTPDNSAppSignSecretResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var signSecret string
|
||||
var updatedAt int64
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
var err error
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app == nil {
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
signSecret, updatedAt, err = models.SharedHTTPDNSAppSecretDAO.ResetSignSecret(tx, req.AppDbId)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -16,7 +16,7 @@ type HTTPDNSDomainService struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) CreateHTTPDNSDomain(ctx context.Context, req *pb.CreateHTTPDNSDomainRequest) (*pb.CreateHTTPDNSDomainResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -25,6 +25,14 @@ func (this *HTTPDNSDomainService) CreateHTTPDNSDomain(ctx context.Context, req *
|
||||
}
|
||||
var domainId int64
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
app, err := ensureAppAccess(tx, req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app == nil {
|
||||
return errors.New("app not found")
|
||||
}
|
||||
|
||||
domainId, err = models.SharedHTTPDNSDomainDAO.CreateDomain(tx, req.AppDbId, req.Domain, req.IsOn)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -38,12 +46,12 @@ func (this *HTTPDNSDomainService) CreateHTTPDNSDomain(ctx context.Context, req *
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) DeleteHTTPDNSDomain(ctx context.Context, req *pb.DeleteHTTPDNSDomainRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, req.DomainId)
|
||||
domain, app, err := ensureDomainAccess(tx, req.DomainId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -55,7 +63,7 @@ func (this *HTTPDNSDomainService) DeleteHTTPDNSDomain(ctx context.Context, req *
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(domain.AppId), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -64,12 +72,12 @@ func (this *HTTPDNSDomainService) DeleteHTTPDNSDomain(ctx context.Context, req *
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) UpdateHTTPDNSDomainStatus(ctx context.Context, req *pb.UpdateHTTPDNSDomainStatusRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, req.DomainId)
|
||||
domain, app, err := ensureDomainAccess(tx, req.DomainId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -81,7 +89,7 @@ func (this *HTTPDNSDomainService) UpdateHTTPDNSDomainStatus(ctx context.Context,
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(domain.AppId), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeDomainChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -90,11 +98,19 @@ func (this *HTTPDNSDomainService) UpdateHTTPDNSDomainStatus(ctx context.Context,
|
||||
}
|
||||
|
||||
func (this *HTTPDNSDomainService) ListHTTPDNSDomainsWithAppId(ctx context.Context, req *pb.ListHTTPDNSDomainsWithAppIdRequest) (*pb.ListHTTPDNSDomainsWithAppIdResponse, error) {
|
||||
_, _, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
if validateErr != nil {
|
||||
if _, nodeErr := this.ValidateHTTPDNSNode(ctx); nodeErr != nil {
|
||||
return nil, validateErr
|
||||
}
|
||||
} else if userId > 0 {
|
||||
app, err := ensureAppAccess(this.NullTx(), req.AppDbId, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return &pb.ListHTTPDNSDomainsWithAppIdResponse{}, nil
|
||||
}
|
||||
}
|
||||
domains, err := models.SharedHTTPDNSDomainDAO.ListEnabledDomainsWithAppId(this.NullTx(), req.AppDbId, req.Keyword)
|
||||
if err != nil {
|
||||
|
||||
@@ -16,7 +16,7 @@ type HTTPDNSRuleService struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req *pb.CreateHTTPDNSCustomRuleRequest) (*pb.CreateHTTPDNSCustomRuleResponse, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -25,8 +25,16 @@ func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
var ruleId int64
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
domain, app, err := ensureDomainAccess(tx, req.Rule.DomainId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if domain == nil || app == nil {
|
||||
return errors.New("domain not found")
|
||||
}
|
||||
|
||||
rule := &models.HTTPDNSCustomRule{
|
||||
AppId: uint32(req.Rule.AppId),
|
||||
AppId: domain.AppId,
|
||||
DomainId: uint32(req.Rule.DomainId),
|
||||
RuleName: req.Rule.RuleName,
|
||||
LineScope: req.Rule.LineScope,
|
||||
@@ -49,7 +57,7 @@ func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req
|
||||
return err
|
||||
}
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, req.Rule.AppId, models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -58,7 +66,7 @@ func (this *HTTPDNSRuleService) CreateHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req *pb.UpdateHTTPDNSCustomRuleRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -66,7 +74,7 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req
|
||||
return nil, errors.New("invalid 'rule.id'")
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
oldRule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, req.Rule.Id)
|
||||
oldRule, app, err := ensureRuleAccess(tx, req.Rule.Id, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -101,15 +109,12 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req
|
||||
return err
|
||||
}
|
||||
}
|
||||
err = notifyHTTPDNSAppTasksByAppDbId(tx, int64(oldRule.AppId), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
err = notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
targetAppDbId := req.Rule.AppId
|
||||
if targetAppDbId <= 0 {
|
||||
targetAppDbId = int64(oldRule.AppId)
|
||||
}
|
||||
targetAppDbId := int64(app.Id)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, targetAppDbId, models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
@@ -119,12 +124,12 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) DeleteHTTPDNSCustomRule(ctx context.Context, req *pb.DeleteHTTPDNSCustomRuleRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, req.RuleId)
|
||||
rule, app, err := ensureRuleAccess(tx, req.RuleId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -136,7 +141,7 @@ func (this *HTTPDNSRuleService) DeleteHTTPDNSCustomRule(ctx context.Context, req
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(rule.AppId), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -145,12 +150,12 @@ func (this *HTTPDNSRuleService) DeleteHTTPDNSCustomRule(ctx context.Context, req
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRuleStatus(ctx context.Context, req *pb.UpdateHTTPDNSCustomRuleStatusRequest) (*pb.RPCSuccess, error) {
|
||||
_, err := this.ValidateAdmin(ctx)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = this.RunTx(func(tx *dbs.Tx) error {
|
||||
rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, req.RuleId)
|
||||
rule, app, err := ensureRuleAccess(tx, req.RuleId, userId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -162,7 +167,7 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRuleStatus(ctx context.Contex
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(rule.AppId), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
return notifyHTTPDNSAppTasksByAppDbId(tx, int64(app.Id), models.HTTPDNSNodeTaskTypeRuleChanged)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -171,11 +176,19 @@ func (this *HTTPDNSRuleService) UpdateHTTPDNSCustomRuleStatus(ctx context.Contex
|
||||
}
|
||||
|
||||
func (this *HTTPDNSRuleService) ListHTTPDNSCustomRulesWithDomainId(ctx context.Context, req *pb.ListHTTPDNSCustomRulesWithDomainIdRequest) (*pb.ListHTTPDNSCustomRulesWithDomainIdResponse, error) {
|
||||
_, _, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, validateErr := this.ValidateAdminAndUser(ctx, true)
|
||||
if validateErr != nil {
|
||||
if _, nodeErr := this.ValidateHTTPDNSNode(ctx); nodeErr != nil {
|
||||
return nil, validateErr
|
||||
}
|
||||
} else if userId > 0 {
|
||||
domain, _, err := ensureDomainAccess(this.NullTx(), req.DomainId, userId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if domain == nil {
|
||||
return &pb.ListHTTPDNSCustomRulesWithDomainIdResponse{}, nil
|
||||
}
|
||||
}
|
||||
rules, err := models.SharedHTTPDNSCustomRuleDAO.ListEnabledRulesWithDomainId(this.NullTx(), req.DomainId)
|
||||
if err != nil {
|
||||
|
||||
@@ -60,7 +60,7 @@ type nodeClientInfo struct {
|
||||
}
|
||||
|
||||
func (this *HTTPDNSSandboxService) TestHTTPDNSResolve(ctx context.Context, req *pb.TestHTTPDNSResolveRequest) (*pb.TestHTTPDNSResolveResponse, error) {
|
||||
_, _, err := this.ValidateAdminAndUser(ctx, true)
|
||||
_, userId, err := this.ValidateAdminAndUser(ctx, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -73,6 +73,9 @@ func (this *HTTPDNSSandboxService) TestHTTPDNSResolve(ctx context.Context, req *
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if userId > 0 && app != nil && app.UserId != userId {
|
||||
return nil, errors.New("access denied")
|
||||
}
|
||||
if app == nil || !app.IsOn {
|
||||
return &pb.TestHTTPDNSResolveResponse{
|
||||
Code: "APP_NOT_FOUND_OR_DISABLED",
|
||||
|
||||
81
EdgeAPI/internal/rpc/services/httpdns/user_auth_helpers.go
Normal file
81
EdgeAPI/internal/rpc/services/httpdns/user_auth_helpers.go
Normal file
@@ -0,0 +1,81 @@
|
||||
package httpdns
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"strings"
|
||||
|
||||
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
||||
"github.com/iwind/TeaGo/dbs"
|
||||
)
|
||||
|
||||
func ensureAppAccess(tx *dbs.Tx, appDbId int64, userId int64) (*models.HTTPDNSApp, error) {
|
||||
app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, appDbId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return nil, nil
|
||||
}
|
||||
if userId > 0 && app.UserId != userId {
|
||||
return nil, errors.New("access denied")
|
||||
}
|
||||
return app, nil
|
||||
}
|
||||
|
||||
func ensureAppAccessByAppId(tx *dbs.Tx, appId string, userId int64) (*models.HTTPDNSApp, error) {
|
||||
appId = strings.TrimSpace(appId)
|
||||
if len(appId) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
app, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, appId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return nil, nil
|
||||
}
|
||||
if userId > 0 && app.UserId != userId {
|
||||
return nil, errors.New("access denied")
|
||||
}
|
||||
return app, nil
|
||||
}
|
||||
|
||||
func ensureDomainAccess(tx *dbs.Tx, domainId int64, userId int64) (*models.HTTPDNSDomain, *models.HTTPDNSApp, error) {
|
||||
domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, domainId)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if domain == nil {
|
||||
return nil, nil, nil
|
||||
}
|
||||
|
||||
app, err := ensureAppAccess(tx, int64(domain.AppId), userId)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return nil, nil, nil
|
||||
}
|
||||
|
||||
return domain, app, nil
|
||||
}
|
||||
|
||||
func ensureRuleAccess(tx *dbs.Tx, ruleId int64, userId int64) (*models.HTTPDNSCustomRule, *models.HTTPDNSApp, error) {
|
||||
rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, ruleId)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if rule == nil {
|
||||
return nil, nil, nil
|
||||
}
|
||||
|
||||
app, err := ensureAppAccess(tx, int64(rule.AppId), userId)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
if app == nil {
|
||||
return nil, nil, nil
|
||||
}
|
||||
|
||||
return rule, app, nil
|
||||
}
|
||||
Reference in New Issue
Block a user