带阿里标识的版本

EdgeAPI/internal/rpc/services/httpdns/user_auth_helpers.go

@@ -0,0 +1,81 @@
+package httpdns
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
+	"github.com/iwind/TeaGo/dbs"
+)
+
+func ensureAppAccess(tx *dbs.Tx, appDbId int64, userId int64) (*models.HTTPDNSApp, error) {
+	app, err := models.SharedHTTPDNSAppDAO.FindEnabledApp(tx, appDbId)
+	if err != nil {
+		return nil, err
+	}
+	if app == nil {
+		return nil, nil
+	}
+	if userId > 0 && app.UserId != userId {
+		return nil, errors.New("access denied")
+	}
+	return app, nil
+}
+
+func ensureAppAccessByAppId(tx *dbs.Tx, appId string, userId int64) (*models.HTTPDNSApp, error) {
+	appId = strings.TrimSpace(appId)
+	if len(appId) == 0 {
+		return nil, nil
+	}
+	app, err := models.SharedHTTPDNSAppDAO.FindEnabledAppWithAppId(tx, appId)
+	if err != nil {
+		return nil, err
+	}
+	if app == nil {
+		return nil, nil
+	}
+	if userId > 0 && app.UserId != userId {
+		return nil, errors.New("access denied")
+	}
+	return app, nil
+}
+
+func ensureDomainAccess(tx *dbs.Tx, domainId int64, userId int64) (*models.HTTPDNSDomain, *models.HTTPDNSApp, error) {
+	domain, err := models.SharedHTTPDNSDomainDAO.FindEnabledDomain(tx, domainId)
+	if err != nil {
+		return nil, nil, err
+	}
+	if domain == nil {
+		return nil, nil, nil
+	}
+
+	app, err := ensureAppAccess(tx, int64(domain.AppId), userId)
+	if err != nil {
+		return nil, nil, err
+	}
+	if app == nil {
+		return nil, nil, nil
+	}
+
+	return domain, app, nil
+}
+
+func ensureRuleAccess(tx *dbs.Tx, ruleId int64, userId int64) (*models.HTTPDNSCustomRule, *models.HTTPDNSApp, error) {
+	rule, err := models.SharedHTTPDNSCustomRuleDAO.FindEnabledRule(tx, ruleId)
+	if err != nil {
+		return nil, nil, err
+	}
+	if rule == nil {
+		return nil, nil, nil
+	}
+
+	app, err := ensureAppAccess(tx, int64(rule.AppId), userId)
+	if err != nil {
+		return nil, nil, err
+	}
+	if app == nil {
+		return nil, nil, nil
+	}
+
+	return rule, app, nil
+}