♻️ Single table to store auth preferences
parent
9287e6c5cc
commit
39c3799d82
@ -4,12 +4,14 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Account deletion">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Auth config to limit auth steps">
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/internal/database/migrator.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/database/migrator.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/models/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/accounts.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/models/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/accounts.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/models/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/auth.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/models/preferences.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/preferences.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/preferences_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/preferences_api.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/preferences_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/preferences_api.go" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/pkg/internal/services/preferences.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/preferences.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticket.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/ticket.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticket.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/ticket.go" afterDir="false" />
|
||||||
</list>
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
@ -144,7 +146,7 @@
|
|||||||
<entry key="branch">
|
<entry key="branch">
|
||||||
<value>
|
<value>
|
||||||
<list>
|
<list>
|
||||||
<option value="refactor/v2" />
|
<option value="master" />
|
||||||
</list>
|
</list>
|
||||||
</value>
|
</value>
|
||||||
</entry>
|
</entry>
|
||||||
@ -157,7 +159,6 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="VcsManagerConfiguration">
|
<component name="VcsManagerConfiguration">
|
||||||
<MESSAGE value=":sparkles: Bot token aka. API token" />
|
|
||||||
<MESSAGE value=":sparkles: Bots aka. automated accounts" />
|
<MESSAGE value=":sparkles: Bots aka. automated accounts" />
|
||||||
<MESSAGE value=":sparkles: Return affiliated to and automated by in userinfo grpc call" />
|
<MESSAGE value=":sparkles: Return affiliated to and automated by in userinfo grpc call" />
|
||||||
<MESSAGE value=":sparkles: Pagination bots api" />
|
<MESSAGE value=":sparkles: Pagination bots api" />
|
||||||
@ -182,7 +183,8 @@
|
|||||||
<MESSAGE value=":bug: Fix daily sign random panic" />
|
<MESSAGE value=":bug: Fix daily sign random panic" />
|
||||||
<MESSAGE value=":sparkles: Realm avatar, banner and access policy" />
|
<MESSAGE value=":sparkles: Realm avatar, banner and access policy" />
|
||||||
<MESSAGE value=":sparkles: Account deletion" />
|
<MESSAGE value=":sparkles: Account deletion" />
|
||||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Account deletion" />
|
<MESSAGE value=":sparkles: Auth config to limit auth steps" />
|
||||||
|
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Auth config to limit auth steps" />
|
||||||
</component>
|
</component>
|
||||||
<component name="VgoProject">
|
<component name="VgoProject">
|
||||||
<settings-migrated>true</settings-migrated>
|
<settings-migrated>true</settings-migrated>
|
||||||
|
@ -27,6 +27,7 @@ var AutoMaintainRange = []any{
|
|||||||
&models.ApiKey{},
|
&models.ApiKey{},
|
||||||
&models.SignRecord{},
|
&models.SignRecord{},
|
||||||
&models.PreferenceNotification{},
|
&models.PreferenceNotification{},
|
||||||
|
&models.PreferenceAuth{},
|
||||||
&models.AbuseReport{},
|
&models.AbuseReport{},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -12,15 +12,14 @@ import (
|
|||||||
type Account struct {
|
type Account struct {
|
||||||
BaseModel
|
BaseModel
|
||||||
|
|
||||||
Name string `json:"name" gorm:"uniqueIndex"`
|
Name string `json:"name" gorm:"uniqueIndex"`
|
||||||
Nick string `json:"nick"`
|
Nick string `json:"nick"`
|
||||||
Description string `json:"description"`
|
Description string `json:"description"`
|
||||||
Avatar *string `json:"avatar"`
|
Avatar *string `json:"avatar"`
|
||||||
Banner *string `json:"banner"`
|
Banner *string `json:"banner"`
|
||||||
ConfirmedAt *time.Time `json:"confirmed_at"`
|
ConfirmedAt *time.Time `json:"confirmed_at"`
|
||||||
SuspendedAt *time.Time `json:"suspended_at"`
|
SuspendedAt *time.Time `json:"suspended_at"`
|
||||||
PermNodes datatypes.JSONMap `json:"perm_nodes"`
|
PermNodes datatypes.JSONMap `json:"perm_nodes"`
|
||||||
AuthConfig datatypes.JSONType[AuthConfig] `json:"auth_config"`
|
|
||||||
|
|
||||||
AutomatedBy *Account `json:"automated_by" gorm:"foreignKey:AutomatedID"`
|
AutomatedBy *Account `json:"automated_by" gorm:"foreignKey:AutomatedID"`
|
||||||
AutomatedID *uint `json:"automated_id"`
|
AutomatedID *uint `json:"automated_id"`
|
||||||
|
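Review bot: Dropping `AuthConfig` from `Account` leaves any values already stored in the accounts table unread, and nothing visible on this page copies them into the new `PreferenceAuth` table. If no data migration exists elsewhere, accounts that had set `MaximumAuthSteps` will silently fall back to the default step count until they save the preference again. Consider a one-off backfill before the old column is abandoned, or a comment on the struct stating that the old values are intentionally discarded. The struct continues outside the hunk.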
@ -2,6 +2,14 @@ package models
|
|||||||
|
|
||||||
import "gorm.io/datatypes"
|
import "gorm.io/datatypes"
|
||||||
|
|
||||||
|
type PreferenceAuth struct {
|
||||||
|
BaseModel
|
||||||
|
|
||||||
|
Config datatypes.JSONType[AuthConfig] `json:"config"`
|
||||||
|
AccountID uint `json:"account_id"`
|
||||||
|
Account Account `json:"account"`
|
||||||
|
}
|
||||||
|
|
||||||
type PreferenceNotification struct {
|
type PreferenceNotification struct {
|
||||||
BaseModel
|
BaseModel
|
||||||
|
|
||||||
|
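Review bot: `AccountID` on `PreferenceAuth` carries no uniqueness constraint, so two rows for the same account can exist, and the lookup in `GetAuthPreference` uses `First`, which would then return only one of them. Since this table holds a per-account sign-in setting, add `gorm:"uniqueIndex"` to the `AccountID` tag; check how that interacts with soft deletes if `BaseModel` has them, which is not visible here. The embedded `Account` field is serialised under `account`, so a short comment that handlers should return only `Config`, as the ones on this page do, would keep the full row from being sent to clients later.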
@ -26,8 +26,8 @@ func MapAPIs(app *fiber.App, baseURL string) {
|
|||||||
|
|
||||||
preferences := api.Group("/preferences").Name("Preferences API")
|
preferences := api.Group("/preferences").Name("Preferences API")
|
||||||
{
|
{
|
||||||
preferences.Get("/auth", getAuthConfig)
|
preferences.Get("/auth", getAuthPreference)
|
||||||
preferences.Put("/auth", updateAuthConfig)
|
preferences.Put("/auth", updateAuthPreference)
|
||||||
preferences.Get("/notifications", getNotificationPreference)
|
preferences.Get("/notifications", getNotificationPreference)
|
||||||
preferences.Put("/notifications", updateNotificationPreference)
|
preferences.Put("/notifications", updateNotificationPreference)
|
||||||
}
|
}
|
||||||
|
@ -1,24 +1,27 @@
|
|||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
|
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
|
||||||
"github.com/gofiber/fiber/v2"
|
"github.com/gofiber/fiber/v2"
|
||||||
"gorm.io/datatypes"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func getAuthConfig(c *fiber.Ctx) error {
|
func getAuthPreference(c *fiber.Ctx) error {
|
||||||
if err := exts.EnsureAuthenticated(c); err != nil {
|
if err := exts.EnsureAuthenticated(c); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
user := c.Locals("user").(models.Account)
|
user := c.Locals("user").(models.Account)
|
||||||
|
|
||||||
return c.JSON(user.AuthConfig)
|
cfg, err := services.GetAuthPreference(user)
|
||||||
|
if err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusNotFound, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(cfg.Config)
|
||||||
}
|
}
|
||||||
|
|
||||||
func updateAuthConfig(c *fiber.Ctx) error {
|
func updateAuthPreference(c *fiber.Ctx) error {
|
||||||
if err := exts.EnsureAuthenticated(c); err != nil {
|
if err := exts.EnsureAuthenticated(c); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -29,15 +32,12 @@ func updateAuthConfig(c *fiber.Ctx) error {
|
|||||||
return fiber.NewError(fiber.StatusBadRequest, err.Error())
|
return fiber.NewError(fiber.StatusBadRequest, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
user.AuthConfig = datatypes.NewJSONType(data)
|
cfg, err := services.UpdateAuthPreference(user, data)
|
||||||
|
if err != nil {
|
||||||
if err := database.C.Save(&user).Error; err != nil {
|
return fiber.NewError(fiber.StatusBadRequest, err.Error())
|
||||||
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
|
||||||
} else {
|
|
||||||
services.InvalidAuthCacheWithUser(user.ID)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.JSON(user.AuthConfig)
|
return c.JSON(cfg.Config)
|
||||||
}
|
}
|
||||||
|
|
||||||
func getNotificationPreference(c *fiber.Ctx) error {
|
func getNotificationPreference(c *fiber.Ctx) error {
|
||||||
|
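Review bot: `getAuthPreference` turns every error from `services.GetAuthPreference` into a 404 and `updateAuthPreference` turns a failed save into a 400, both echoing `err.Error()` to the client. A database fault is then reported as a client error and the raw driver message ends up in the response. Reserve 404 for the record-not-found case and otherwise return something like `return fiber.NewError(fiber.StatusInternalServerError, "unable to load auth preference")`, logging the original error server-side. An account with no stored row now also gets a 404 where the old handler returned the account's (possibly zero-valued) config; if clients rely on that, return a default config instead. The start of `updateAuthPreference`'s body falls between the two hunks of this file.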
@ -17,6 +17,31 @@ import (
|
|||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func GetAuthPreference(account models.Account) (models.PreferenceAuth, error) {
|
||||||
|
var auth models.PreferenceAuth
|
||||||
|
if err := database.C.Where("account_id = ?", account.ID).First(&auth).Error; err != nil {
|
||||||
|
return auth, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return auth, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func UpdateAuthPreference(account models.Account, config models.AuthConfig) (models.PreferenceAuth, error) {
|
||||||
|
var auth models.PreferenceAuth
|
||||||
|
var err error
|
||||||
|
if auth, err = GetAuthPreference(account); err != nil {
|
||||||
|
auth = models.PreferenceAuth{
|
||||||
|
AccountID: account.ID,
|
||||||
|
Config: datatypes.NewJSONType(config),
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
auth.Config = datatypes.NewJSONType(config)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = database.C.Save(&auth).Error
|
||||||
|
return auth, err
|
||||||
|
}
|
||||||
|
|
||||||
func GetNotificationPreferenceCacheKey(accountId uint) string {
|
func GetNotificationPreferenceCacheKey(accountId uint) string {
|
||||||
return fmt.Sprintf("notification-preference#%d", accountId)
|
return fmt.Sprintf("notification-preference#%d", accountId)
|
||||||
}
|
}
|
||||||
|
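Review bot: `UpdateAuthPreference` treats any error from `GetAuthPreference` as "no row yet" and builds a fresh `PreferenceAuth`, so a transient query failure would insert a second row for the account instead of failing. Only `gorm.ErrRecordNotFound` should take the create path; every other error should be returned to the caller. The sketch below assumes `errors` is imported in this file, which the hunk does not show.

```go
func UpdateAuthPreference(account models.Account, config models.AuthConfig) (models.PreferenceAuth, error) {
	auth, err := GetAuthPreference(account)
	switch {
	case err == nil:
		auth.Config = datatypes.NewJSONType(config)
	case errors.Is(err, gorm.ErrRecordNotFound):
		auth = models.PreferenceAuth{
			AccountID: account.ID,
			Config:    datatypes.NewJSONType(config),
		}
	default:
		// Lookup failed for another reason; do not create a second row.
		return auth, err
	}
	// … unchanged: database.C.Save(&auth) and return …
}
```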
@ -32,8 +32,8 @@ func DetectRisk(user models.Account, ip, ua string) int {
|
|||||||
return 2
|
return 2
|
||||||
}
|
}
|
||||||
|
|
||||||
// PickTicketAttempt is trying to pick up the ticket that haven't completed but created by a same client (identify by ip address).
|
// PickTicketAttempt is trying to pick up the ticket that hasn't completed but created by a same client (identify by ip address).
|
||||||
// Then the client can continue their journey to get ticket actived.
|
// Then the client can continue their journey to get ticket activated.
|
||||||
func PickTicketAttempt(user models.Account, ip string) (models.AuthTicket, error) {
|
func PickTicketAttempt(user models.Account, ip string) (models.AuthTicket, error) {
|
||||||
var ticket models.AuthTicket
|
var ticket models.AuthTicket
|
||||||
if err := database.C.
|
if err := database.C.
|
||||||
@ -54,10 +54,11 @@ func NewTicket(user models.Account, ip, ua string) (models.AuthTicket, error) {
|
|||||||
if count := CountUserFactor(user.ID); count <= 0 {
|
if count := CountUserFactor(user.ID); count <= 0 {
|
||||||
return ticket, fmt.Errorf("specified user didn't enable sign in")
|
return ticket, fmt.Errorf("specified user didn't enable sign in")
|
||||||
} else {
|
} else {
|
||||||
cfg := user.AuthConfig.Data()
|
|
||||||
steps = min(steps, int(count))
|
steps = min(steps, int(count))
|
||||||
if cfg.MaximumAuthSteps >= 1 {
|
|
||||||
steps = min(steps, cfg.MaximumAuthSteps)
|
cfg, err := GetAuthPreference(user)
|
||||||
|
if err == nil && cfg.Config.Data().MaximumAuthSteps >= 1 {
|
||||||
|
steps = min(steps, cfg.Config.Data().MaximumAuthSteps)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
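Review bot: In `NewTicket` the error from `GetAuthPreference(user)` is dropped, so a database failure looks the same as an account without a stored preference and the `MaximumAuthSteps` cap is skipped without a trace. The fallback keeps the larger step count, which is the safer direction, but that should be stated, for example `// No stored preference or lookup failure: keep the uncapped (stricter) step count.`, and errors other than record-not-found should be logged. `cfg.Config.Data()` is also evaluated twice; reading it once into a local would be tidier. The function body starts and ends outside the hunk.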