Permission check

This commit is contained in:
LittleSheep 2024-05-17 19:24:14 +08:00
parent 7d3b804516
commit 4e4fbb8ba9
5 changed files with 50 additions and 33 deletions

55
.idea/workspace.xml generated
View File

@ -4,10 +4,7 @@
<option name="autoReloadType" value="ALL" /> <option name="autoReloadType" value="ALL" />
</component> </component>
<component name="ChangeListManager"> <component name="ChangeListManager">
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Basis perm nodes feature"> <list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/pkg/server/ws.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/ws.go" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" /> <option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" /> <option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" /> <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
@ -41,32 +38,32 @@
<option name="hideEmptyMiddlePackages" value="true" /> <option name="hideEmptyMiddlePackages" value="true" />
<option name="showLibraryContents" value="true" /> <option name="showLibraryContents" value="true" />
</component> </component>
<component name="PropertiesComponent">{ <component name="PropertiesComponent"><![CDATA[{
&quot;keyToString&quot;: { "keyToString": {
&quot;DefaultGoTemplateProperty&quot;: &quot;Go File&quot;, "DefaultGoTemplateProperty": "Go File",
&quot;Go 构建.Backend.executor&quot;: &quot;Run&quot;, "Go 构建.Backend.executor": "Run",
&quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;, "RunOnceActivity.ShowReadmeOnStart": "true",
&quot;RunOnceActivity.go.formatter.settings.were.checked&quot;: &quot;true&quot;, "RunOnceActivity.go.formatter.settings.were.checked": "true",
&quot;RunOnceActivity.go.migrated.go.modules.settings&quot;: &quot;true&quot;, "RunOnceActivity.go.migrated.go.modules.settings": "true",
&quot;RunOnceActivity.go.modules.automatic.dependencies.download&quot;: &quot;true&quot;, "RunOnceActivity.go.modules.automatic.dependencies.download": "true",
&quot;RunOnceActivity.go.modules.go.list.on.any.changes.was.set&quot;: &quot;true&quot;, "RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
&quot;git-widget-placeholder&quot;: &quot;master&quot;, "git-widget-placeholder": "master",
&quot;go.import.settings.migrated&quot;: &quot;true&quot;, "go.import.settings.migrated": "true",
&quot;go.sdk.automatically.set&quot;: &quot;true&quot;, "go.sdk.automatically.set": "true",
&quot;last_opened_file_path&quot;: &quot;/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/server/ui&quot;, "last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/server/ui",
&quot;node.js.detected.package.eslint&quot;: &quot;true&quot;, "node.js.detected.package.eslint": "true",
&quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;, "node.js.selected.package.eslint": "(autodetect)",
&quot;nodejs_package_manager_path&quot;: &quot;npm&quot;, "nodejs_package_manager_path": "npm",
&quot;run.code.analysis.last.selected.profile&quot;: &quot;pProject Default&quot;, "run.code.analysis.last.selected.profile": "pProject Default",
&quot;settings.editor.selected.configurable&quot;: &quot;preferences.lookFeel&quot;, "settings.editor.selected.configurable": "preferences.lookFeel",
&quot;vue.rearranger.settings.migration&quot;: &quot;true&quot; "vue.rearranger.settings.migration": "true"
}, },
&quot;keyToStringList&quot;: { "keyToStringList": {
&quot;DatabaseDriversLRU&quot;: [ "DatabaseDriversLRU": [
&quot;postgresql&quot; "postgresql"
] ]
} }
}</component> }]]></component>
<component name="RecentsManager"> <component name="RecentsManager">
<key name="CopyFile.RECENT_KEYS"> <key name="CopyFile.RECENT_KEYS">
<recent name="$PROJECT_DIR$/pkg/server/ui" /> <recent name="$PROJECT_DIR$/pkg/server/ui" />
@ -139,7 +136,6 @@
</option> </option>
</component> </component>
<component name="VcsManagerConfiguration"> <component name="VcsManagerConfiguration">
<MESSAGE value=":sparkles: User center page" />
<MESSAGE value=":sparkles: Personalize" /> <MESSAGE value=":sparkles: Personalize" />
<MESSAGE value=":sparkles: OAuth" /> <MESSAGE value=":sparkles: OAuth" />
<MESSAGE value=":truck: Update well known" /> <MESSAGE value=":truck: Update well known" />
@ -164,7 +160,8 @@
<MESSAGE value=":bug: Fix key exchange cause echo" /> <MESSAGE value=":bug: Fix key exchange cause echo" />
<MESSAGE value=":bug: Fix notification push issue" /> <MESSAGE value=":bug: Fix notification push issue" />
<MESSAGE value=":sparkles: Basis perm nodes feature" /> <MESSAGE value=":sparkles: Basis perm nodes feature" />
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Basis perm nodes feature" /> <MESSAGE value=":sparkles: Permission check" />
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Permission check" />
</component> </component>
<component name="VgoProject"> <component name="VgoProject">
<settings-migrated>true</settings-migrated> <settings-migrated>true</settings-migrated>

View File

@ -46,8 +46,8 @@ func listAvailableRealm(c *fiber.Ctx) error {
func createRealm(c *fiber.Ctx) error { func createRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account) user := c.Locals("principal").(models.Account)
if user.PowerLevel < 10 { if err := utils.CheckPermissions(c, "CreateRealms", true); err != nil {
return fiber.NewError(fiber.StatusForbidden, "require power level 10 to create realms") return err
} }
var data struct { var data struct {

View File

@ -104,7 +104,7 @@ func ConfirmAccount(code string) error {
for k, v := range viper.GetStringMap("permissions.verified") { for k, v := range viper.GetStringMap("permissions.verified") {
if val, ok := user.PermNodes[k]; !ok { if val, ok := user.PermNodes[k]; !ok {
user.PermNodes[k] = v user.PermNodes[k] = v
} else if !HasPermNode(val, v) { } else if !ComparePermNode(val, v) {
user.PermNodes[k] = v user.PermNodes[k] = v
} }
} }

View File

@ -6,7 +6,14 @@ import (
"strings" "strings"
) )
func HasPermNode(held any, required any) bool { func HasPermNode(perms map[string]any, requiredKey string, requiredValue any) bool {
if heldValue, ok := perms[requiredKey]; ok {
return ComparePermNode(heldValue, requiredValue)
}
return false
}
func ComparePermNode(held any, required any) bool {
heldValue := reflect.ValueOf(held) heldValue := reflect.ValueOf(held)
requiredValue := reflect.ValueOf(required) requiredValue := reflect.ValueOf(required)

View File

@ -1,6 +1,8 @@
package utils package utils
import ( import (
"fmt"
"git.solsynth.dev/hydrogen/passport/pkg/services"
"github.com/go-playground/validator/v10" "github.com/go-playground/validator/v10"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
"github.com/samber/lo" "github.com/samber/lo"
@ -19,6 +21,17 @@ func BindAndValidate(c *fiber.Ctx, out any) error {
return nil return nil
} }
func GetPermissions(c *fiber.Ctx) map[string]any {
return c.Locals("permissions").(map[string]any)
}
func CheckPermissions(c *fiber.Ctx, key string, val any) error {
if !services.HasPermNode(GetPermissions(c), key, val) {
return fiber.NewError(fiber.StatusForbidden, fmt.Sprintf("requires permission: %s = %v", key, val))
}
return nil
}
func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string { func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
if len(c.Query("redirect_uri")) > 0 { if len(c.Query("redirect_uri")) > 0 {
return lo.ToPtr(c.Query("redirect_uri")) return lo.ToPtr(c.Query("redirect_uri"))