✨ Bug fixes of permission check
This commit is contained in:
parent
8ae6292bf0
commit
73b57164ab
@ -1,2 +1,2 @@
|
|||||||
#n:public
|
#n:public
|
||||||
!<md> [6992, 0, null, null, -2147483648, -2147483648]
|
!<md> [7186, 0, null, null, -2147483648, -2147483648]
|
||||||
|
32
.idea/workspace.xml
generated
32
.idea/workspace.xml
generated
@ -4,19 +4,12 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":zap: In memory auth context cache">
|
||||||
|
<change beforePath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25.xml" afterDir="false" />
|
||||||
|
<change beforePath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/dataSources/74bcf3ef-a2b9-435b-b9e5-f32902a33b25/storage_v2/_src_/database/hy_passport.gNOKQQ/schema/public.abK9xQ.meta" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/go.mod" beforeDir="false" afterPath="$PROJECT_DIR$/go.mod" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/go.sum" beforeDir="false" afterPath="$PROJECT_DIR$/go.sum" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/cmd/main.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/cmd/main.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/database/source.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/database/source.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/models/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/models/auth.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/server/accounts_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/accounts_api.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/server/ui/personalize.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/ui/personalize.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/services/accounts.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/accounts.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/services/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/auth.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/services/ticker_maintainer.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/ticker_maintainer.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/services/perms.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/services/perms.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/settings.toml" beforeDir="false" afterPath="$PROJECT_DIR$/settings.toml" afterDir="false" />
|
|
||||||
</list>
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
@ -54,7 +47,7 @@
|
|||||||
<component name="PropertiesComponent"><![CDATA[{
|
<component name="PropertiesComponent"><![CDATA[{
|
||||||
"keyToString": {
|
"keyToString": {
|
||||||
"DefaultGoTemplateProperty": "Go File",
|
"DefaultGoTemplateProperty": "Go File",
|
||||||
"Go 构建.Backend.executor": "Run",
|
"Go 构建.Backend.executor": "Debug",
|
||||||
"RunOnceActivity.ShowReadmeOnStart": "true",
|
"RunOnceActivity.ShowReadmeOnStart": "true",
|
||||||
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
||||||
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
||||||
@ -149,7 +142,6 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="VcsManagerConfiguration">
|
<component name="VcsManagerConfiguration">
|
||||||
<MESSAGE value=":sparkles: Personalize" />
|
|
||||||
<MESSAGE value=":sparkles: OAuth" />
|
<MESSAGE value=":sparkles: OAuth" />
|
||||||
<MESSAGE value=":truck: Update well known" />
|
<MESSAGE value=":truck: Update well known" />
|
||||||
<MESSAGE value=":sparkles: Others userinfo" />
|
<MESSAGE value=":sparkles: Others userinfo" />
|
||||||
@ -174,9 +166,21 @@
|
|||||||
<MESSAGE value=":bug: Fix notification push issue" />
|
<MESSAGE value=":bug: Fix notification push issue" />
|
||||||
<MESSAGE value=":sparkles: Basis perm nodes feature" />
|
<MESSAGE value=":sparkles: Basis perm nodes feature" />
|
||||||
<MESSAGE value=":sparkles: Permission check" />
|
<MESSAGE value=":sparkles: Permission check" />
|
||||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Permission check" />
|
<MESSAGE value=":zap: In memory auth context cache" />
|
||||||
|
<option name="LAST_COMMIT_MESSAGE" value=":zap: In memory auth context cache" />
|
||||||
</component>
|
</component>
|
||||||
<component name="VgoProject">
|
<component name="VgoProject">
|
||||||
<settings-migrated>true</settings-migrated>
|
<settings-migrated>true</settings-migrated>
|
||||||
</component>
|
</component>
|
||||||
|
<component name="XDebuggerManager">
|
||||||
|
<breakpoint-manager>
|
||||||
|
<breakpoints>
|
||||||
|
<line-breakpoint enabled="true" type="DlvLineBreakpoint">
|
||||||
|
<url>file://$PROJECT_DIR$/pkg/services/perms.go</url>
|
||||||
|
<line>49</line>
|
||||||
|
<option name="timeStamp" value="5" />
|
||||||
|
</line-breakpoint>
|
||||||
|
</breakpoints>
|
||||||
|
</breakpoint-manager>
|
||||||
|
</component>
|
||||||
</project>
|
</project>
|
@ -30,18 +30,7 @@ func Authenticate(access, refresh string, depth int) (user models.Account, perms
|
|||||||
newRefresh = refresh
|
newRefresh = refresh
|
||||||
|
|
||||||
var ctx models.AuthContext
|
var ctx models.AuthContext
|
||||||
|
if ctx, err = GetAuthContext(claims.ID); err == nil {
|
||||||
ctx, lookupErr := GetAuthContext(claims.ID)
|
|
||||||
if lookupErr == nil {
|
|
||||||
log.Debug().Str("jti", claims.ID).Msg("Hit auth context cache once!")
|
|
||||||
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
|
||||||
user = ctx.Account
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx, err = GrantAuthContext(claims.ID)
|
|
||||||
if err == nil {
|
|
||||||
|
|
||||||
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
||||||
user = ctx.Account
|
user = ctx.Account
|
||||||
return
|
return
|
||||||
@ -61,14 +50,14 @@ func GetAuthContext(jti string) (models.AuthContext, error) {
|
|||||||
authContextCache[jti] = ctx
|
authContextCache[jti] = ctx
|
||||||
log.Debug().Str("jti", jti).Msg("Used an auth context cache")
|
log.Debug().Str("jti", jti).Msg("Used an auth context cache")
|
||||||
} else {
|
} else {
|
||||||
ctx, err = GrantAuthContext(jti)
|
ctx, err = CacheAuthContext(jti)
|
||||||
log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
|
log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
|
||||||
}
|
}
|
||||||
|
|
||||||
return ctx, err
|
return ctx, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func GrantAuthContext(jti string) (models.AuthContext, error) {
|
func CacheAuthContext(jti string) (models.AuthContext, error) {
|
||||||
var ctx models.AuthContext
|
var ctx models.AuthContext
|
||||||
|
|
||||||
// Query data from primary database
|
// Query data from primary database
|
||||||
|
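Review bot: `authContextCache[jti] = ctx` writes what appears to be a package-level map with no lock visible in this hunk, and the lookup that precedes it (GetAuthContext starts before the hunk) reads the same map; since this runs on every authenticated request, concurrent reads and writes race and Go aborts the process when it detects a concurrent map write, so guard both paths with a `sync.RWMutex` (`authContextMu.Lock(); authContextCache[jti] = ctx; authContextMu.Unlock()`) unless a caller already holds a lock. The cache is keyed only by jti, so once an entry exists a later change to the account's PermNodes or a revoked ticket presumably keeps being honoured until the entry is evicted; state the eviction policy on CacheAuthContext, or store an expiry in the entry and re-check it on the hit path. CacheAuthContext also lacks a doc comment; its body runs past the hunk, but something like `// CacheAuthContext loads the auth context for jti from the primary database and caches it for later GetAuthContext calls.` would record the contract the rename implies.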
@ -1,6 +1,7 @@
|
|||||||
package services
|
package services
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"reflect"
|
"reflect"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
@ -45,8 +46,8 @@ func FilterPermNodes(tree map[string]any, claims []string) map[string]any {
|
|||||||
filteredTree := make(map[string]any)
|
filteredTree := make(map[string]any)
|
||||||
|
|
||||||
match := func(claim, permission string) bool {
|
match := func(claim, permission string) bool {
|
||||||
regex := strings.Replace(permission, "*", ".*", -1)
|
regex := strings.ReplaceAll(claim, "*", ".*")
|
||||||
match, _ := regexp.MatchString("^"+regex+"$", claim)
|
match, _ := regexp.MatchString(fmt.Sprintf("^%s$", regex), permission)
|
||||||
return match
|
return match
|
||||||
}
|
}
|
||||||
|
|
||||||
|
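Review bot: In the `match` closure the claim becomes a regular expression with only `*` rewritten, so every other metacharacter in a claim is interpreted: `.` (usual in dotted permission node names) matches any character, and a claim such as `.+` or `(a|b)` would match permission nodes it was never meant to cover. Whether a client can influence claim strings is not visible here, but a permission check should not depend on that; quote the claim first and rewrite the escaped star, `regex := strings.ReplaceAll(regexp.QuoteMeta(claim), "\\*", ".*")`. With a quoted pattern MatchString can no longer fail, which also makes the discarded error defensible; add a comment above the closure such as `// claim is a glob where only '*' is a wildcard; quote it so no other regex syntax leaks through`. FilterPermNodes starts before this hunk and its body continues after it.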