Compare commits
3 Commits
8c89d89382
...
da15c72fb3
| Author | SHA1 | Date | |
|---|---|---|---|
| da15c72fb3 | |||
| 182a389180 | |||
| 74819c1c2b |
18
.idea/workspace.xml
generated
18
.idea/workspace.xml
generated
@ -4,14 +4,12 @@
|
||||
<option name="autoReloadType" value="ALL" />
|
||||
</component>
|
||||
<component name="ChangeListManager">
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":recycle: Optimized the initial permission system">
|
||||
<change afterPath="$PROJECT_DIR$/pkg/internal/models/audit.go" afterDir="false" />
|
||||
<change afterPath="$PROJECT_DIR$/pkg/internal/server/admin/permissions_api.go" afterDir="false" />
|
||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Admin notify one user">
|
||||
<change afterPath="$PROJECT_DIR$/pkg/internal/server/admin/factors_api.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/internal/database/migrator.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/database/migrator.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/admin/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/admin/index.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/events.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/events.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/main.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/admin/user_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/admin/users_api.go" afterDir="false" />
|
||||
<change beforePath="$PROJECT_DIR$/settings.toml" beforeDir="false" afterPath="$PROJECT_DIR$/settings.toml" afterDir="false" />
|
||||
</list>
|
||||
<option name="SHOW_DIALOG" value="false" />
|
||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||
@ -157,9 +155,6 @@
|
||||
</option>
|
||||
</component>
|
||||
<component name="VcsManagerConfiguration">
|
||||
<MESSAGE value=":sparkles: Status system" />
|
||||
<MESSAGE value=":bug: Fix status expired in cache" />
|
||||
<MESSAGE value=":bug: Fix online condition" />
|
||||
<MESSAGE value=":sparkles: Last seen at" />
|
||||
<MESSAGE value=":sparkles: Edit, delete current status" />
|
||||
<MESSAGE value=":bug: Fix clear status affected the statutes cleared before" />
|
||||
@ -182,7 +177,10 @@
|
||||
<MESSAGE value=":sparkles: Reset password APIs" />
|
||||
<MESSAGE value=":sparkles: Password reset & user lookup API" />
|
||||
<MESSAGE value=":recycle: Optimized the initial permission system" />
|
||||
<option name="LAST_COMMIT_MESSAGE" value=":recycle: Optimized the initial permission system" />
|
||||
<MESSAGE value=":zap: Optimized audit, event logging system :sparkles: Audit logs :sparkles: Admin edit user permissions" />
|
||||
<MESSAGE value=":sparkles: Admin force confirm account" />
|
||||
<MESSAGE value=":sparkles: Admin notify one user" />
|
||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Admin notify one user" />
|
||||
</component>
|
||||
<component name="VgoProject">
|
||||
<settings-migrated>true</settings-migrated>
|
||||
|
||||
40
pkg/internal/server/admin/factors_api.go
Normal file
40
pkg/internal/server/admin/factors_api.go
Normal file
@ -0,0 +1,40 @@
|
||||
package admin
|
||||
|
||||
import (
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
jsoniter "github.com/json-iterator/go"
|
||||
"github.com/samber/lo"
|
||||
)
|
||||
|
||||
func getUserAuthFactors(c *fiber.Ctx) error {
|
||||
userId, _ := c.ParamsInt("user")
|
||||
|
||||
if err := exts.EnsureGrantedPerm(c, "AdminAuthFactors", true); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var factors []models.AuthFactor
|
||||
if err := database.C.Where("account_id = ?", userId).Find(&factors).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
encodedResp := lo.Map(factors, func(item models.AuthFactor, idx int) map[string]any {
|
||||
var encoded map[string]any
|
||||
raw, _ := jsoniter.Marshal(item)
|
||||
_ = jsoniter.Unmarshal(raw, &encoded)
|
||||
|
||||
// Blur out the secret if it isn't current rolling email one-time-password
|
||||
if item.Type != models.EmailPasswordFactor && len(item.Secret) != 6 {
|
||||
encoded["secret"] = "**CENSORED**"
|
||||
} else {
|
||||
encoded["secret"] = item.Secret
|
||||
}
|
||||
|
||||
return encoded
|
||||
})
|
||||
|
||||
return c.JSON(encodedResp)
|
||||
}
|
||||
@ -11,7 +11,12 @@ func MapAdminAPIs(app *fiber.App) {
|
||||
admin.Delete("/badges/:badgeId", revokeBadge)
|
||||
|
||||
admin.Post("/notify/all", notifyAllUser)
|
||||
admin.Post("/notify/:user", notifyOneUser)
|
||||
|
||||
admin.Get("/users", listUser)
|
||||
admin.Get("/users/:user", getUser)
|
||||
admin.Get("/users/:user/factors", getUserAuthFactors)
|
||||
admin.Put("/users/:user/permissions", editUserPermission)
|
||||
admin.Post("/users/:user/confirm", forceConfirmAccount)
|
||||
}
|
||||
}
|
||||
|
||||
@ -27,10 +27,15 @@ func notifyAllUser(c *fiber.Ctx) error {
|
||||
if err := exts.EnsureGrantedPerm(c, "AdminNotifyAll", true); err != nil {
|
||||
return err
|
||||
}
|
||||
operator := c.Locals("user").(models.Account)
|
||||
|
||||
var users []models.Account
|
||||
if err := database.C.Find(&users).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
} else {
|
||||
services.AddAuditRecord(operator, "notify.all", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
|
||||
"payload": data,
|
||||
})
|
||||
}
|
||||
|
||||
go func() {
|
||||
@ -59,3 +64,57 @@ func notifyAllUser(c *fiber.Ctx) error {
|
||||
|
||||
return c.SendStatus(fiber.StatusOK)
|
||||
}
|
||||
|
||||
func notifyOneUser(c *fiber.Ctx) error {
|
||||
var data struct {
|
||||
Type string `json:"type" validate:"required"`
|
||||
Subject string `json:"subject" validate:"required,max=1024"`
|
||||
Content string `json:"content" validate:"required,max=4096"`
|
||||
Metadata map[string]any `json:"metadata"`
|
||||
Links []models.NotificationLink `json:"links"`
|
||||
IsForcePush bool `json:"is_force_push"`
|
||||
IsRealtime bool `json:"is_realtime"`
|
||||
UserID uint `json:"user_id"`
|
||||
}
|
||||
|
||||
if err := exts.BindAndValidate(c, &data); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := exts.EnsureGrantedPerm(c, "AdminNotifyAll", true); err != nil {
|
||||
return err
|
||||
}
|
||||
operator := c.Locals("user").(models.Account)
|
||||
|
||||
var user models.Account
|
||||
if err := database.C.Where("id = ?", data.UserID).First(&user).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
} else {
|
||||
services.AddAuditRecord(operator, "notify.one", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
|
||||
"user_id": user.ID,
|
||||
"payload": data,
|
||||
})
|
||||
}
|
||||
|
||||
notification := models.Notification{
|
||||
Type: data.Type,
|
||||
Subject: data.Subject,
|
||||
Content: data.Content,
|
||||
Links: data.Links,
|
||||
IsRealtime: data.IsRealtime,
|
||||
IsForcePush: data.IsForcePush,
|
||||
RecipientID: user.ID,
|
||||
}
|
||||
|
||||
if data.IsRealtime {
|
||||
if err := services.PushNotification(notification); err != nil {
|
||||
log.Error().Err(err).Uint("user", user.ID).Msg("Failed to push notification...")
|
||||
}
|
||||
} else {
|
||||
if err := services.NewNotification(notification); err != nil {
|
||||
log.Error().Err(err).Uint("user", user.ID).Msg("Failed to create notification...")
|
||||
}
|
||||
}
|
||||
|
||||
return c.SendStatus(fiber.StatusOK)
|
||||
}
|
||||
|
||||
@ -37,6 +37,7 @@ func editUserPermission(c *fiber.Ctx) error {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
} else {
|
||||
services.AddAuditRecord(operator, "user.permissions.edit", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
|
||||
"user_id": user.ID,
|
||||
"previous_permissions": prev,
|
||||
"new_permissions": data.PermNodes,
|
||||
})
|
||||
|
||||
73
pkg/internal/server/admin/users_api.go
Normal file
73
pkg/internal/server/admin/users_api.go
Normal file
@ -0,0 +1,73 @@
|
||||
package admin
|
||||
|
||||
import "C"
|
||||
import (
|
||||
"fmt"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
)
|
||||
|
||||
func listUser(c *fiber.Ctx) error {
|
||||
take := c.QueryInt("take", 0)
|
||||
offset := c.QueryInt("offset", 0)
|
||||
|
||||
if err := exts.EnsureGrantedPerm(c, "AdminUser", true); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var count int64
|
||||
if err := database.C.Model(&models.Account{}).Count(&count).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
}
|
||||
var items []models.Account
|
||||
if err := database.C.Offset(offset).Limit(take).Find(&items).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"count": count,
|
||||
"data": items,
|
||||
})
|
||||
}
|
||||
|
||||
func getUser(c *fiber.Ctx) error {
|
||||
userId, _ := c.ParamsInt("user")
|
||||
|
||||
if err := exts.EnsureGrantedPerm(c, "AdminUser", true); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var user models.Account
|
||||
if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err))
|
||||
}
|
||||
|
||||
return c.JSON(user)
|
||||
}
|
||||
|
||||
func forceConfirmAccount(c *fiber.Ctx) error {
|
||||
userId, _ := c.ParamsInt("user")
|
||||
|
||||
if err := exts.EnsureGrantedPerm(c, "AdminUserConfirmation", true); err != nil {
|
||||
return err
|
||||
}
|
||||
operator := c.Locals("user").(models.Account)
|
||||
|
||||
var user models.Account
|
||||
if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
|
||||
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err))
|
||||
}
|
||||
|
||||
if err := services.ForceConfirmAccount(user); err != nil {
|
||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||
} else {
|
||||
services.AddAuditRecord(operator, "user.confirm", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
|
||||
"user_id": user.ID,
|
||||
})
|
||||
}
|
||||
|
||||
return c.SendStatus(fiber.StatusOK)
|
||||
}
|
||||
@ -11,7 +11,6 @@ import (
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||
"github.com/google/uuid"
|
||||
"github.com/samber/lo"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
func GetAccount(id uint) (models.Account, error) {
|
||||
@ -112,28 +111,33 @@ func ConfirmAccount(code string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
return database.C.Transaction(func(tx *gorm.DB) error {
|
||||
user.ConfirmedAt = lo.ToPtr(time.Now())
|
||||
if err = ForceConfirmAccount(user); err != nil {
|
||||
return err
|
||||
} else {
|
||||
database.C.Delete(&token)
|
||||
}
|
||||
|
||||
for k, v := range viper.GetStringMap("permissions.verified") {
|
||||
if val, ok := user.PermNodes[k]; !ok {
|
||||
user.PermNodes[k] = v
|
||||
} else {
|
||||
user.PermNodes[k] = val
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ForceConfirmAccount(user models.Account) error {
|
||||
user.ConfirmedAt = lo.ToPtr(time.Now())
|
||||
|
||||
for k, v := range viper.GetStringMap("permissions.verified") {
|
||||
if val, ok := user.PermNodes[k]; !ok {
|
||||
user.PermNodes[k] = v
|
||||
} else {
|
||||
user.PermNodes[k] = val
|
||||
}
|
||||
}
|
||||
|
||||
if err := database.C.Delete(&token).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
if err := database.C.Save(&user).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
if err := database.C.Save(&user).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
InvalidAuthCacheWithUser(user.ID)
|
||||
InvalidAuthCacheWithUser(user.ID)
|
||||
|
||||
return nil
|
||||
})
|
||||
return nil
|
||||
}
|
||||
|
||||
func CheckAbleToResetPassword(user models.Account) error {
|
||||
|
||||
@ -31,7 +31,7 @@ func AddAuditRecord(operator models.Account, act, ip, ua string, metadata map[st
|
||||
})
|
||||
}
|
||||
|
||||
// SaveEventChanges runs every 60 seconds to save events / audits changes into database
|
||||
// SaveEventChanges runs every 60 seconds to save events / audits changes into the database
|
||||
func SaveEventChanges() {
|
||||
if len(writeEventQueue) > 0 {
|
||||
count := len(writeEventQueue)
|
||||
|
||||
@ -42,6 +42,7 @@ func AddNotifySubscriber(user models.Account, provider, id, tk, ua string) (mode
|
||||
return subscriber, err
|
||||
}
|
||||
|
||||
// NewNotification will create a notification and push via the push method it
|
||||
func NewNotification(notification models.Notification) error {
|
||||
if err := database.C.Save(¬ification).Error; err != nil {
|
||||
return err
|
||||
@ -54,6 +55,9 @@ func NewNotification(notification models.Notification) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// PushNotification will push the notification what ever it is exists record in the database
|
||||
// Recommend push another goroutine when you need to push a lot of notification
|
||||
// And just use block statement when you just push one notification, the time of create a new sub-process is much more than push notification
|
||||
func PushNotification(notification models.Notification) error {
|
||||
for conn := range wsConn[notification.RecipientID] {
|
||||
_ = conn.WriteMessage(1, models.UnifiedCommand{
|
||||
@ -62,7 +66,7 @@ func PushNotification(notification models.Notification) error {
|
||||
}.Marshal())
|
||||
}
|
||||
|
||||
// Skip push notify
|
||||
// Skip push notification
|
||||
if GetStatusDisturbable(notification.RecipientID) != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -44,10 +44,10 @@ dsn = "host=localhost user=postgres password=password dbname=hy_passport port=54
|
||||
prefix = "passport_"
|
||||
|
||||
[permissions.default]
|
||||
CreatePost = true
|
||||
CreatePosts = true
|
||||
CreateAttachments = 1048576
|
||||
|
||||
[permissions.verified]
|
||||
CreateRealm = true
|
||||
CreateArticle = true
|
||||
CreateRealms = true
|
||||
CreateArticles = true
|
||||
CreateAttachments = 26214400
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user