Realm in passport

This commit is contained in:
LittleSheep 2024-05-04 01:32:44 +08:00
parent 29a33331e4
commit 5de68bb9b9
7 changed files with 428 additions and 6 deletions

15
.idea/workspace.xml generated
View File

@ -4,12 +4,14 @@
<option name="autoReloadType" value="ALL" />
</component>
<component name="ChangeListManager">
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Batch mark notify as read API">
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":bug: Bug fixes of risk detection&#10;:lipstick: Optimized UI">
<change afterPath="$PROJECT_DIR$/pkg/models/realms.go" afterDir="false" />
<change afterPath="$PROJECT_DIR$/pkg/server/realm_members_api.go" afterDir="false" />
<change afterPath="$PROJECT_DIR$/pkg/server/realms_api.go" afterDir="false" />
<change afterPath="$PROJECT_DIR$/pkg/services/realms.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/server/auth_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/auth_api.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/services/ticket.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/ticket.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/views/partials/header.gohtml" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/views/partials/header.gohtml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/views/users/personalize.gohtml" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/views/users/personalize.gohtml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/database/migrator.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/database/migrator.go" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/server/startup.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/startup.go" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />
@ -143,7 +145,8 @@
<MESSAGE value=":bug: Bug fixes of design" />
<MESSAGE value=":sparkles: Bug fixes" />
<MESSAGE value=":sparkles: Batch mark notify as read API" />
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Batch mark notify as read API" />
<MESSAGE value=":bug: Bug fixes of risk detection&#10;:lipstick: Optimized UI" />
<option name="LAST_COMMIT_MESSAGE" value=":bug: Bug fixes of risk detection&#10;:lipstick: Optimized UI" />
</component>
<component name="VgoProject">
<settings-migrated>true</settings-migrated>

View File

@ -12,6 +12,8 @@ var DatabaseAutoActionRange = []any{
&models.AccountPage{},
&models.AccountContact{},
&models.AccountFriendship{},
&models.Realm{},
&models.RealmMember{},
&models.AuthTicket{},
&models.MagicToken{},
&models.ThirdClient{},

23
pkg/models/realms.go Normal file
View File

@ -0,0 +1,23 @@
package models
type Realm struct {
BaseModel
Alias string `json:"alias" gorm:"uniqueIndex"`
Name string `json:"name"`
Description string `json:"description"`
Members []RealmMember `json:"members"`
IsPublic bool `json:"is_public"`
IsCommunity bool `json:"is_community"`
AccountID uint `json:"account_id"`
}
type RealmMember struct {
BaseModel
RealmID uint `json:"realm_id"`
AccountID uint `json:"account_id"`
Realm Realm `json:"realm"`
Account Account `json:"account"`
PowerLevel int `json:"power_level"`
}

View File

@ -0,0 +1,107 @@
package server
import (
"git.solsynth.dev/hydrogen/passport/pkg/database"
"git.solsynth.dev/hydrogen/passport/pkg/models"
"git.solsynth.dev/hydrogen/passport/pkg/services"
"git.solsynth.dev/hydrogen/passport/pkg/utils"
"github.com/gofiber/fiber/v2"
)
func listRealmMembers(c *fiber.Ctx) error {
alias := c.Params("realm")
if realm, err := services.GetRealmWithAlias(alias); err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
} else if members, err := services.ListRealmMember(realm.ID); err != nil {
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
} else {
return c.JSON(members)
}
}
func addRealmMember(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
alias := c.Params("realm")
var data struct {
Target string `json:"target" validate:"required"`
}
if err := utils.BindAndValidate(c, &data); err != nil {
return err
}
realm, err := services.GetRealmWithAlias(alias)
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
var account models.Account
if err := database.C.Where(&models.Account{
Name: data.Target,
}).First(&account).Error; err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
if err := services.AddRealmMember(user, account, realm); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
} else {
return c.SendStatus(fiber.StatusOK)
}
}
func removeRealmMember(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
alias := c.Params("realm")
var data struct {
Target string `json:"target" validate:"required"`
}
if err := utils.BindAndValidate(c, &data); err != nil {
return err
}
realm, err := services.GetRealmWithAlias(alias)
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
var account models.Account
if err := database.C.Where(&models.Account{
Name: data.Target,
}).First(&account).Error; err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
if err := services.RemoveRealmMember(user, account, realm); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
} else {
return c.SendStatus(fiber.StatusOK)
}
}
func leaveRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
alias := c.Params("realm")
realm, err := services.GetRealmWithAlias(alias)
if err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
} else if user.ID == realm.AccountID {
return fiber.NewError(fiber.StatusBadRequest, "you cannot leave your own realm")
}
var account models.Account
if err := database.C.Where(&models.Account{
BaseModel: models.BaseModel{ID: user.ID},
}).First(&account).Error; err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
if err := services.RemoveRealmMember(user, account, realm); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
} else {
return c.SendStatus(fiber.StatusOK)
}
}

135
pkg/server/realms_api.go Normal file
View File

@ -0,0 +1,135 @@
package server
import (
"git.solsynth.dev/hydrogen/passport/pkg/database"
"git.solsynth.dev/hydrogen/passport/pkg/models"
"git.solsynth.dev/hydrogen/passport/pkg/services"
"git.solsynth.dev/hydrogen/passport/pkg/utils"
"github.com/gofiber/fiber/v2"
)
func getRealm(c *fiber.Ctx) error {
alias := c.Params("realm")
if realm, err := services.GetRealmWithAlias(alias); err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
} else {
return c.JSON(realm)
}
}
func listCommunityRealm(c *fiber.Ctx) error {
realms, err := services.ListCommunityRealm()
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(realms)
}
func listOwnedRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
if realms, err := services.ListRealmWithUser(user); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
} else {
return c.JSON(realms)
}
}
func listAvailableRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
if realms, err := services.ListRealmIsAvailable(user); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
} else {
return c.JSON(realms)
}
}
func createRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
if user.PowerLevel < 10 {
return fiber.NewError(fiber.StatusForbidden, "require power level 10 to create realms")
}
var data struct {
Alias string `json:"alias" validate:"required,lowercase,min=4,max=32"`
Name string `json:"name" validate:"required"`
Description string `json:"description"`
IsPublic bool `json:"is_public"`
IsCommunity bool `json:"is_community"`
}
if err := utils.BindAndValidate(c, &data); err != nil {
return err
}
realm, err := services.NewRealm(models.Realm{
Alias: data.Alias,
Name: data.Name,
Description: data.Description,
IsPublic: data.IsPublic,
IsCommunity: data.IsCommunity,
AccountID: user.ID,
})
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(realm)
}
func editRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
id, _ := c.ParamsInt("realmId", 0)
var data struct {
Alias string `json:"alias" validate:"required,lowercase,min=4,max=32"`
Name string `json:"name" validate:"required"`
Description string `json:"description"`
IsPublic bool `json:"is_public"`
IsCommunity bool `json:"is_community"`
}
if err := utils.BindAndValidate(c, &data); err != nil {
return err
}
var realm models.Realm
if err := database.C.Where(&models.Realm{
BaseModel: models.BaseModel{ID: uint(id)},
AccountID: user.ID,
}).First(&realm).Error; err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
realm.Alias = data.Alias
realm.Name = data.Name
realm.Description = data.Description
realm.IsPublic = data.IsPublic
realm.IsCommunity = data.IsCommunity
realm, err := services.EditRealm(realm)
if err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.JSON(realm)
}
func deleteRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
id, _ := c.ParamsInt("realmId", 0)
var realm models.Realm
if err := database.C.Where(&models.Realm{
BaseModel: models.BaseModel{ID: uint(id)},
AccountID: user.ID,
}).First(&realm).Error; err != nil {
return fiber.NewError(fiber.StatusNotFound, err.Error())
}
if err := services.DeleteRealm(realm); err != nil {
return fiber.NewError(fiber.StatusBadRequest, err.Error())
}
return c.SendStatus(fiber.StatusOK)
}

View File

@ -117,6 +117,21 @@ func NewServer() {
api.Post("/auth/token", getToken)
api.Post("/auth/factors/:factorId", requestFactorToken)
realms := api.Group("/realms").Name("Realms API")
{
realms.Get("/", listCommunityRealm)
realms.Get("/me", authMiddleware, listOwnedRealm)
realms.Get("/me/available", authMiddleware, listAvailableRealm)
realms.Get("/:realm", getRealm)
realms.Get("/:realm/members", listRealmMembers)
realms.Post("/", authMiddleware, createRealm)
realms.Put("/:realmId", authMiddleware, editRealm)
realms.Delete("/:realmId", authMiddleware, deleteRealm)
realms.Post("/:realm/members", authMiddleware, addRealmMember)
realms.Delete("/:realm/members", authMiddleware, removeRealmMember)
realms.Delete("/:realm/members/me", authMiddleware, leaveRealm)
}
developers := api.Group("/dev").Name("Developers API")
{
developers.Post("/notify", notifyUser)

137
pkg/services/realms.go Normal file
View File

@ -0,0 +1,137 @@
package services
import (
"fmt"
"git.solsynth.dev/hydrogen/passport/pkg/database"
"git.solsynth.dev/hydrogen/passport/pkg/models"
"github.com/samber/lo"
)
func ListCommunityRealm() ([]models.Realm, error) {
var realms []models.Realm
if err := database.C.Where(&models.Realm{
IsCommunity: true,
}).Find(&realms).Error; err != nil {
return realms, err
}
return realms, nil
}
func ListRealmWithUser(user models.Account) ([]models.Realm, error) {
var realms []models.Realm
if err := database.C.Where(&models.Realm{AccountID: user.ID}).Find(&realms).Error; err != nil {
return realms, err
}
return realms, nil
}
func ListRealmIsAvailable(user models.Account) ([]models.Realm, error) {
var realms []models.Realm
var members []models.RealmMember
if err := database.C.Where(&models.RealmMember{
AccountID: user.ID,
}).Find(&members).Error; err != nil {
return realms, err
}
idx := lo.Map(members, func(item models.RealmMember, index int) uint {
return item.RealmID
})
if err := database.C.Where("id IN ?", idx).Find(&realms).Error; err != nil {
return realms, err
}
return realms, nil
}
func GetRealmWithAlias(alias string) (models.Realm, error) {
var realm models.Realm
if err := database.C.Where(&models.Realm{
Alias: alias,
}).First(&realm).Error; err != nil {
return realm, err
}
return realm, nil
}
func NewRealm(realm models.Realm) (models.Realm, error) {
err := database.C.Save(&realm).Error
return realm, err
}
func ListRealmMember(realmId uint) ([]models.RealmMember, error) {
var members []models.RealmMember
if err := database.C.
Where(&models.RealmMember{RealmID: realmId}).
Preload("Account").
Find(&members).Error; err != nil {
return members, err
}
return members, nil
}
func GetRealmMember(userId uint, realmId uint) (models.RealmMember, error) {
var member models.RealmMember
if err := database.C.Where(&models.RealmMember{
AccountID: userId,
RealmID: realmId,
}).Find(&member).Error; err != nil {
return member, err
}
return member, nil
}
func AddRealmMember(user models.Account, affected models.Account, target models.Realm) error {
if !target.IsPublic && !target.IsCommunity {
if member, err := GetRealmMember(user.ID, target.ID); err != nil {
return fmt.Errorf("only realm member can add people: %v", err)
} else if member.PowerLevel < 50 {
return fmt.Errorf("only realm moderator can add people")
}
friendship, err := GetFriendWithTwoSides(affected.ID, user.ID)
if err != nil || friendship.Status != models.FriendshipActive {
return fmt.Errorf("you only can add your friends to your realm")
}
}
member := models.RealmMember{
RealmID: target.ID,
AccountID: affected.ID,
}
err := database.C.Save(&member).Error
return err
}
func RemoveRealmMember(user models.Account, affected models.Account, target models.Realm) error {
if user.ID != affected.ID {
if member, err := GetRealmMember(user.ID, target.ID); err != nil {
return fmt.Errorf("only realm member can remove other member: %v", err)
} else if member.PowerLevel < 50 {
return fmt.Errorf("only realm moderator can invite people")
}
}
var member models.RealmMember
if err := database.C.Where(&models.RealmMember{
RealmID: target.ID,
AccountID: affected.ID,
}).First(&member).Error; err != nil {
return err
}
return database.C.Delete(&member).Error
}
func EditRealm(realm models.Realm) (models.Realm, error) {
err := database.C.Save(&realm).Error
return realm, err
}
func DeleteRealm(realm models.Realm) error {
return database.C.Delete(&realm).Error
}