.idea/workspace.xml

@@ -4,14 +4,13 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":recycle: Optimized the initial permission system">
+    <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Reset password APIs">
-      <change afterPath="$PROJECT_DIR$/pkg/internal/models/audit.go" afterDir="false" />
-      <change afterPath="$PROJECT_DIR$/pkg/internal/server/admin/permissions_api.go" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/pkg/internal/database/migrator.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/database/migrator.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/server/api/accounts_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/accounts_api.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/pkg/internal/server/admin/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/admin/index.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/pkg/internal/services/events.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/events.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/pkg/internal/services/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/accounts.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/pkg/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/main.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/web/src/views/flow/confirm.vue" beforeDir="false" afterPath="$PROJECT_DIR$/web/src/views/flow/confirm.vue" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/web/src/views/flow/password-reset.vue" beforeDir="false" afterPath="$PROJECT_DIR$/web/src/views/flow/password-reset.vue" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -46,34 +45,34 @@
     <option name="hideEmptyMiddlePackages" value="true" />
     <option name="showLibraryContents" value="true" />
   </component>
-  <component name="PropertiesComponent">{
+  <component name="PropertiesComponent"><![CDATA[{
-  &quot;keyToString&quot;: {
+  "keyToString": {
-    &quot;DefaultGoTemplateProperty&quot;: &quot;Go File&quot;,
+    "DefaultGoTemplateProperty": "Go File",
-    &quot;Go Build.Backend.executor&quot;: &quot;Run&quot;,
+    "Go Build.Backend.executor": "Run",
-    &quot;Go 构建.Backend.executor&quot;: &quot;Run&quot;,
+    "Go 构建.Backend.executor": "Run",
-    &quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
+    "RunOnceActivity.ShowReadmeOnStart": "true",
-    &quot;RunOnceActivity.go.formatter.settings.were.checked&quot;: &quot;true&quot;,
+    "RunOnceActivity.go.formatter.settings.were.checked": "true",
-    &quot;RunOnceActivity.go.migrated.go.modules.settings&quot;: &quot;true&quot;,
+    "RunOnceActivity.go.migrated.go.modules.settings": "true",
-    &quot;RunOnceActivity.go.modules.automatic.dependencies.download&quot;: &quot;true&quot;,
+    "RunOnceActivity.go.modules.automatic.dependencies.download": "true",
-    &quot;RunOnceActivity.go.modules.go.list.on.any.changes.was.set&quot;: &quot;true&quot;,
+    "RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
-    &quot;git-widget-placeholder&quot;: &quot;master&quot;,
+    "git-widget-placeholder": "master",
-    &quot;go.import.settings.migrated&quot;: &quot;true&quot;,
+    "go.import.settings.migrated": "true",
-    &quot;go.sdk.automatically.set&quot;: &quot;true&quot;,
+    "go.sdk.automatically.set": "true",
-    &quot;last_opened_file_path&quot;: &quot;/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/src/views&quot;,
+    "last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/src/views",
-    &quot;node.js.detected.package.eslint&quot;: &quot;true&quot;,
+    "node.js.detected.package.eslint": "true",
-    &quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;,
+    "node.js.selected.package.eslint": "(autodetect)",
-    &quot;nodejs_package_manager_path&quot;: &quot;npm&quot;,
+    "nodejs_package_manager_path": "npm",
-    &quot;run.code.analysis.last.selected.profile&quot;: &quot;pProject Default&quot;,
+    "run.code.analysis.last.selected.profile": "pProject Default",
-    &quot;settings.editor.selected.configurable&quot;: &quot;preferences.pluginManager&quot;,
+    "settings.editor.selected.configurable": "preferences.pluginManager",
-    &quot;ts.external.directory.path&quot;: &quot;/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/node_modules/typescript/lib&quot;,
+    "ts.external.directory.path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/web/node_modules/typescript/lib",
-    &quot;vue.rearranger.settings.migration&quot;: &quot;true&quot;
+    "vue.rearranger.settings.migration": "true"
   },
-  &quot;keyToStringList&quot;: {
+  "keyToStringList": {
-    &quot;DatabaseDriversLRU&quot;: [
+    "DatabaseDriversLRU": [
-      &quot;postgresql&quot;
+      "postgresql"
     ]
   }
-}</component>
+}]]></component>
   <component name="RecentsManager">
     <key name="CopyFile.RECENT_KEYS">
       <recent name="$PROJECT_DIR$/web/src/views" />
@@ -157,6 +156,8 @@
     </option>
   </component>
   <component name="VcsManagerConfiguration">
+    <MESSAGE value=":bug: Authenticate wrong payload hotfix" />
+    <MESSAGE value=":sparkles: Can pick up mfa request" />
     <MESSAGE value=":sparkles: Status system" />
     <MESSAGE value=":bug: Fix status expired in cache" />
     <MESSAGE value=":bug: Fix online condition" />
@@ -180,9 +181,7 @@
     <MESSAGE value=":bug: Fix API mapping issue" />
     <MESSAGE value=":recycle: Improve notify API" />
     <MESSAGE value=":sparkles: Reset password APIs" />
-    <MESSAGE value=":sparkles: Password reset &amp; user lookup API" />
+    <option name="LAST_COMMIT_MESSAGE" value=":sparkles: Reset password APIs" />
-    <MESSAGE value=":recycle: Optimized the initial permission system" />
-    <option name="LAST_COMMIT_MESSAGE" value=":recycle: Optimized the initial permission system" />
   </component>
   <component name="VgoProject">
     <settings-migrated>true</settings-migrated>

pkg/internal/database/migrator.go

@@ -21,7 +21,6 @@ var AutoMaintainRange = []any{
 	&models.ActionEvent{},
 	&models.Notification{},
 	&models.NotificationSubscriber{},
-	&models.AuditRecord{},
 }
 
 func RunMigration(source *gorm.DB) error {

pkg/internal/models/audit.go

@@ -1,13 +0,0 @@
-package models
-
-import "gorm.io/datatypes"
-
-type AuditRecord struct {
-	BaseModel
-
-	Action    string            `json:"action"`
-	Metadata  datatypes.JSONMap `json:"metadata"`
-	UserAgent string            `json:"user_agent"`
-	IpAddress string            `json:"ip_address"`
-	AccountID uint              `json:"account_id"`
-}

pkg/internal/server/admin/index.go

@@ -11,7 +11,5 @@ func MapAdminAPIs(app *fiber.App) {
 		admin.Delete("/badges/:badgeId", revokeBadge)
 
 		admin.Post("/notify/all", notifyAllUser)
-
-		admin.Put("/users/:user/permissions", editUserPermission)
 	}
 }

pkg/internal/server/admin/permissions_api.go

@@ -1,46 +0,0 @@
-package admin
-
-import (
-	"fmt"
-	"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
-	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
-	"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
-	"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
-	"github.com/gofiber/fiber/v2"
-)
-
-func editUserPermission(c *fiber.Ctx) error {
-	userId, _ := c.ParamsInt("user")
-
-	if err := exts.EnsureGrantedPerm(c, "AdminUserPermission", true); err != nil {
-		return err
-	}
-	operator := c.Locals("user").(models.Account)
-
-	var data struct {
-		PermNodes map[string]any `json:"perm_nodes" validate:"required"`
-	}
-
-	if err := exts.BindAndValidate(c, &data); err != nil {
-		return err
-	}
-
-	var user models.Account
-	if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
-		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err))
-	}
-
-	prev := user.PermNodes
-	user.PermNodes = data.PermNodes
-
-	if err := database.C.Save(&user).Error; err != nil {
-		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
-	} else {
-		services.AddAuditRecord(operator, "user.permissions.edit", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
-			"previous_permissions": prev,
-			"new_permissions":      data.PermNodes,
-		})
-	}
-
-	return c.SendStatus(fiber.StatusOK)
-}

pkg/internal/services/accounts.go

@@ -118,8 +118,8 @@ func ConfirmAccount(code string) error {
 		for k, v := range viper.GetStringMap("permissions.verified") {
 			if val, ok := user.PermNodes[k]; !ok {
 				user.PermNodes[k] = v
-			} else {
+			} else if !ComparePermNode(val, v) {
-				user.PermNodes[k] = val
+				user.PermNodes[k] = v
 			}
 		}
 

pkg/internal/services/events.go

@@ -3,46 +3,18 @@ package services
 import (
 	"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
 	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
-	"github.com/rs/zerolog/log"
 )
 
-var writeEventQueue []models.ActionEvent
+func AddEvent(user models.Account, event, target, ip, ua string) models.ActionEvent {
-var writeAuditQueue []models.AuditRecord
+	evt := models.ActionEvent{
-
-// AddEvent to keep operation logs by user themselves clear to query
-func AddEvent(user models.Account, event, target, ip, ua string) {
-	writeEventQueue = append(writeEventQueue, models.ActionEvent{
 		Type:      event,
 		Target:    target,
 		IpAddress: ip,
 		UserAgent: ua,
 		AccountID: user.ID,
-	})
-}
-
-// AddAuditRecord to keep logs to make administrators' operations clear to query
-func AddAuditRecord(operator models.Account, act, ip, ua string, metadata map[string]any) {
-	writeAuditQueue = append(writeAuditQueue, models.AuditRecord{
-		Action:    act,
-		Metadata:  metadata,
-		IpAddress: ip,
-		UserAgent: ua,
-		AccountID: operator.ID,
-	})
-}
-
-// SaveEventChanges runs every 60 seconds to save events / audits changes into database
-func SaveEventChanges() {
-	if len(writeEventQueue) > 0 {
-		count := len(writeEventQueue)
-		database.C.CreateInBatches(writeEventQueue, min(count, 1000))
-		log.Info().Int("count", count).Msg("Saved action events changes into database...")
-		clear(writeEventQueue)
-	}
-	if len(writeAuditQueue) > 0 {
-		count := len(writeAuditQueue)
-		database.C.CreateInBatches(writeAuditQueue, min(count, 1000))
-		log.Info().Int("count", count).Msg("Saved audit records changes into database...")
-		clear(writeAuditQueue)
 	}
+
+	database.C.Save(&evt)
+
+	return evt
 }

pkg/main.go

@@ -70,7 +70,6 @@ func main() {
 	quartz.AddFunc("@every 60s", services.RecycleAuthContext)
 	quartz.AddFunc("@every 60m", services.RecycleUnConfirmAccount)
 	quartz.AddFunc("@every 5m", services.KexCleanup)
-	quartz.AddFunc("@every 60s", services.SaveEventChanges)
 	quartz.Start()
 
 	// Messages

settings.toml

@@ -44,10 +44,7 @@ dsn = "host=localhost user=postgres password=password dbname=hy_passport port=54
 prefix = "passport_"
 
 [permissions.default]
-CreatePost = true
+CreatePaperclipAttachments = 1048576
-CreateAttachments = 1048576
 
 [permissions.verified]
-CreateRealm = true
+CreatePaperclipAttachments = 26214400
-CreateArticle = true
-CreateAttachments = 26214400