Refactor authentication and authorization

2025-06-26 18:16:50 +00:00 · 2021-12-22 17:43:26 +08:00
parent dfe15524a2
commit 487d73d643
52 changed files with 1348 additions and 942 deletions
--- a/api/api.go
+++ b/api/api.go
@@ -35,4 +35,5 @@ func init() {
 	container.Put(NewRole, container.Name("api.role"))
 	container.Put(NewEvent, container.Name("api.event"))
 	container.Put(NewChart, container.Name("api.chart"))
+	container.Put(NewDashboard, container.Name("api.dashboard"))
 }
--- a/api/chart.go
+++ b/api/chart.go
@@ -1,11 +1,7 @@
 package api

 import (
-	"strings"
-
 	"github.com/cuigh/auxo/data"
-	"github.com/cuigh/auxo/errors"
-	"github.com/cuigh/auxo/ext/times"
 	"github.com/cuigh/auxo/net/web"
 	"github.com/cuigh/swirl/biz"
 	"github.com/cuigh/swirl/model"
@@ -13,25 +9,19 @@ import (

 // ChartHandler encapsulates chart related handlers.
 type ChartHandler struct {
-	Search        web.HandlerFunc `path:"/search" auth:"chart.view" desc:"search charts"`
-	Find          web.HandlerFunc `path:"/find" auth:"chart.view" desc:"find chart by id"`
-	Save          web.HandlerFunc `path:"/save" method:"post" auth:"chart.edit" desc:"create or update chart"`
-	Delete        web.HandlerFunc `path:"/delete" method:"post" auth:"chart.delete" desc:"delete chart"`
-	FetchData     web.HandlerFunc `path:"/fetch-data" auth:"?" desc:"fetch chart data"`
-	FindDashboard web.HandlerFunc `path:"/find-dashboard" auth:"?" desc:"find dashboard by name and key"`
-	SaveDashboard web.HandlerFunc `path:"/save-dashboard" method:"post" auth:"chart.dashboard" desc:"save dashboard"`
+	Search web.HandlerFunc `path:"/search" auth:"chart.view" desc:"search charts"`
+	Find   web.HandlerFunc `path:"/find" auth:"chart.view" desc:"find chart by id"`
+	Save   web.HandlerFunc `path:"/save" method:"post" auth:"chart.edit" desc:"create or update chart"`
+	Delete web.HandlerFunc `path:"/delete" method:"post" auth:"chart.delete" desc:"delete chart"`
 }

 // NewChart creates an instance of ChartHandler
 func NewChart(b biz.ChartBiz) *ChartHandler {
 	return &ChartHandler{
-		Search:        chartSearch(b),
-		Find:          chartFind(b),
-		Delete:        chartDelete(b),
-		Save:          chartSave(b),
-		FetchData:     chartFetchData(b),
-		FindDashboard: chartFindDashboard(b),
-		SaveDashboard: chartSaveDashboard(b),
+		Search: chartSearch(b),
+		Find:   chartFind(b),
+		Delete: chartDelete(b),
+		Save:   chartSave(b),
 	}
 }

@@ -97,57 +87,3 @@ func chartSave(b biz.ChartBiz) web.HandlerFunc {
 		return ajax(ctx, err)
 	}
 }
-
-func chartFetchData(b biz.ChartBiz) web.HandlerFunc {
-	type Args struct {
-		Key    string `json:"key" bind:"key"`
-		Charts string `json:"charts" bind:"charts"`
-		Period int32  `json:"period" bind:"period"`
-	}
-	return func(ctx web.Context) (err error) {
-		var (
-			args = &Args{}
-			d    data.Map
-		)
-		if err = ctx.Bind(args); err == nil {
-			d, err = b.FetchData(args.Key, strings.Split(args.Charts, ","), times.Minutes(args.Period))
-		}
-		if err != nil {
-			return err
-		}
-		return success(ctx, d)
-	}
-}
-
-func chartFindDashboard(b biz.ChartBiz) web.HandlerFunc {
-	return func(ctx web.Context) (err error) {
-		var (
-			d    *model.Dashboard
-			name = ctx.Query("name")
-			key  = ctx.Query("key")
-		)
-		d, err = b.FindDashboard(name, key)
-		if err != nil {
-			return err
-		}
-		return success(ctx, d)
-	}
-}
-
-func chartSaveDashboard(b biz.ChartBiz) web.HandlerFunc {
-	return func(ctx web.Context) error {
-		dashboard := &model.Dashboard{}
-		err := ctx.Bind(dashboard)
-		if err != nil {
-			return err
-		}
-
-		switch dashboard.Name {
-		case "home", "service":
-			err = b.UpdateDashboard(dashboard, ctx.User())
-		default:
-			err = errors.New("unknown dashboard: " + dashboard.Name)
-		}
-		return ajax(ctx, err)
-	}
-}
--- a/api/container.go
+++ b/api/container.go
@@ -17,7 +17,7 @@ type ContainerHandler struct {
 	Find      web.HandlerFunc `path:"/find" auth:"container.view" desc:"find container by name"`
 	Delete    web.HandlerFunc `path:"/delete" method:"post" auth:"container.delete" desc:"delete container"`
 	FetchLogs web.HandlerFunc `path:"/fetch-logs" auth:"container.logs" desc:"fetch logs of container"`
-	Connect   web.HandlerFunc `path:"/connect" auth:"*" desc:"connect to a running container"`
+	Connect   web.HandlerFunc `path:"/connect" auth:"container.execute" desc:"connect to a running container"`
 }

 // NewContainer creates an instance of ContainerHandler
--- a/api/dashboard.go
+++ b/api/dashboard.go
@@ -0,0 +1,82 @@
+package api
+
+import (
+	"strings"
+
+	"github.com/cuigh/auxo/data"
+	"github.com/cuigh/auxo/errors"
+	"github.com/cuigh/auxo/ext/times"
+	"github.com/cuigh/auxo/net/web"
+	"github.com/cuigh/swirl/biz"
+	"github.com/cuigh/swirl/model"
+)
+
+// DashboardHandler encapsulates dashboard related handlers.
+type DashboardHandler struct {
+	Find      web.HandlerFunc `path:"/find" auth:"?" desc:"find dashboard by name and key"`
+	Save      web.HandlerFunc `path:"/save" method:"post" auth:"dashboard.edit" desc:"save dashboard"`
+	FetchData web.HandlerFunc `path:"/fetch-data" auth:"?" desc:"fetch data of dashboard charts"`
+}
+
+// NewDashboard creates an instance of DashboardHandler
+func NewDashboard(b biz.DashboardBiz) *DashboardHandler {
+	return &DashboardHandler{
+		Find:      dashboardFind(b),
+		Save:      dashboardSave(b),
+		FetchData: dashboardFetchData(b),
+	}
+}
+
+func dashboardFind(b biz.DashboardBiz) web.HandlerFunc {
+	return func(ctx web.Context) (err error) {
+		var (
+			d    *model.Dashboard
+			name = ctx.Query("name")
+			key  = ctx.Query("key")
+		)
+		d, err = b.FindDashboard(name, key)
+		if err != nil {
+			return err
+		}
+		return success(ctx, d)
+	}
+}
+
+func dashboardSave(b biz.DashboardBiz) web.HandlerFunc {
+	return func(ctx web.Context) error {
+		dashboard := &model.Dashboard{}
+		err := ctx.Bind(dashboard)
+		if err != nil {
+			return err
+		}
+
+		switch dashboard.Name {
+		case "home", "service":
+			err = b.UpdateDashboard(dashboard, ctx.User())
+		default:
+			err = errors.New("unknown dashboard: " + dashboard.Name)
+		}
+		return ajax(ctx, err)
+	}
+}
+
+func dashboardFetchData(b biz.DashboardBiz) web.HandlerFunc {
+	type Args struct {
+		Key        string `json:"key" bind:"key"`
+		Dashboards string `json:"charts" bind:"charts"`
+		Period     int32  `json:"period" bind:"period"`
+	}
+	return func(ctx web.Context) (err error) {
+		var (
+			args = &Args{}
+			d    data.Map
+		)
+		if err = ctx.Bind(args); err == nil {
+			d, err = b.FetchData(args.Key, strings.Split(args.Dashboards, ","), times.Minutes(args.Period))
+		}
+		if err != nil {
+			return err
+		}
+		return success(ctx, d)
+	}
+}
--- a/api/node.go
+++ b/api/node.go
@@ -3,6 +3,7 @@ package api
 import (
 	"github.com/cuigh/auxo/data"
 	"github.com/cuigh/auxo/net/web"
+	"github.com/cuigh/auxo/util/cast"
 	"github.com/cuigh/swirl/biz"
 )

@@ -28,22 +29,11 @@ func NewNode(nb biz.NodeBiz) *NodeHandler {

 func nodeList(nb biz.NodeBiz) web.HandlerFunc {
 	return func(ctx web.Context) error {
-		nodes, err := nb.List()
+		agent := cast.ToBool(ctx.Query("agent"))
+		nodes, err := nb.List(agent)
 		if err != nil {
 			return err
 		}
-
-		if ctx.Query("agent") == "true" {
-			i := 0
-			for j := 0; j < len(nodes); j++ {
-				if nodes[j].Agent != "" {
-					nodes[i] = nodes[j]
-					i++
-				}
-			}
-			nodes = nodes[:i]
-		}
-
 		return success(ctx, nodes)
 	}
 }
--- a/api/user.go
+++ b/api/user.go
@@ -1,7 +1,6 @@
 package api

 import (
-	"github.com/cuigh/auxo/app/container"
 	"github.com/cuigh/auxo/data"
 	"github.com/cuigh/auxo/net/web"
 	"github.com/cuigh/swirl/biz"
@@ -22,7 +21,7 @@ type UserHandler struct {
 }

 // NewUser creates an instance of UserHandler
-func NewUser(b biz.UserBiz, eb biz.EventBiz, auth *security.Authenticator) *UserHandler {
+func NewUser(b biz.UserBiz, eb biz.EventBiz, auth *security.Identifier) *UserHandler {
 	return &UserHandler{
 		SignIn:         userSignIn(auth, eb),
 		Search:         userSearch(b),
@@ -35,7 +34,7 @@ func NewUser(b biz.UserBiz, eb biz.EventBiz, auth *security.Authenticator) *User
 	}
 }

-func userSignIn(auth *security.Authenticator, eb biz.EventBiz) web.HandlerFunc {
+func userSignIn(auth *security.Identifier, eb biz.EventBiz) web.HandlerFunc {
 	type SignInArgs struct {
 		Name     string `json:"name"`
 		Password string `json:"password"`
@@ -43,27 +42,24 @@ func userSignIn(auth *security.Authenticator, eb biz.EventBiz) web.HandlerFunc {

 	return func(ctx web.Context) (err error) {
 		var (
-			args  = &SignInArgs{}
-			user  web.User
-			token string
+			args = &SignInArgs{}
+			user security.Identity
 		)

-		if err = ctx.Bind(args); err == nil {
-			if user, err = auth.Login(args.Name, args.Password); err == nil {
-				jwt := container.Find("identifier").(*security.JWT)
-				token, err = jwt.CreateToken(user.ID(), user.Name())
-			}
+		if err = ctx.Bind(args); err != nil {
+			return err
 		}

-		if err != nil {
+		if user, err = auth.Identify(args.Name, args.Password); err != nil {
 			return err
 		}

 		eb.CreateUser(biz.EventActionLogin, user.ID(), user.Name(), user)
+
 		return success(ctx, data.Map{
-			"token": token,
-			"id":    user.ID(),
 			"name":  user.Name(),
+			"token": user.Token(),
+			"perms": user.Perms(),
 		})
 	}
 }