✨ Bots aka. automated accounts
This commit is contained in:
parent
8f61253bd3
commit
b22657d09f
@ -4,19 +4,15 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":card_file_box: Update modeling">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Bot token aka. API token">
|
||||||
<change afterPath="$PROJECT_DIR$/pkg/internal/models/bot.go" afterDir="false" />
|
<change afterPath="$PROJECT_DIR$/pkg/internal/server/api/bots_api.go" afterDir="false" />
|
||||||
<change afterPath="$PROJECT_DIR$/pkg/internal/server/api/bot_token_api.go" afterDir="false" />
|
<change afterPath="$PROJECT_DIR$/pkg/internal/services/bots.go" afterDir="false" />
|
||||||
<change afterPath="$PROJECT_DIR$/pkg/internal/services/bot_token.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/models/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/models/auth.go" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/index.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/index.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/oauth_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/oauth_api.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/server/api/notify_api.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/server/api/notify_api.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/encryptor.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/encrypt.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/services/bot_token.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/bot_token.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/mfa.go" beforeDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/services/clients.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/clients.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticker_maintainer.go" beforeDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticket.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/ticket.go" afterDir="false" />
|
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticket.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/ticket.go" afterDir="false" />
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/internal/services/ticket_token.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/internal/services/ticket_token.go" afterDir="false" />
|
|
||||||
</list>
|
</list>
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
@ -163,7 +159,6 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="VcsManagerConfiguration">
|
<component name="VcsManagerConfiguration">
|
||||||
<MESSAGE value=":sparkles: Admin check users' auth factor" />
|
|
||||||
<MESSAGE value=":sparkles: Admin panel & users, users' permissions management" />
|
<MESSAGE value=":sparkles: Admin panel & users, users' permissions management" />
|
||||||
<MESSAGE value=":bug: Fix clear function doesn't real clear items in slice" />
|
<MESSAGE value=":bug: Fix clear function doesn't real clear items in slice" />
|
||||||
<MESSAGE value=":sparkles: View auth factors" />
|
<MESSAGE value=":sparkles: View auth factors" />
|
||||||
@ -188,7 +183,8 @@
|
|||||||
<MESSAGE value=":arrow_up: Implement list user relative grpc function" />
|
<MESSAGE value=":arrow_up: Implement list user relative grpc function" />
|
||||||
<MESSAGE value=":alien: Change avatar and banner id to string" />
|
<MESSAGE value=":alien: Change avatar and banner id to string" />
|
||||||
<MESSAGE value=":card_file_box: Update modeling" />
|
<MESSAGE value=":card_file_box: Update modeling" />
|
||||||
<option name="LAST_COMMIT_MESSAGE" value=":card_file_box: Update modeling" />
|
<MESSAGE value=":sparkles: Bot token aka. API token" />
|
||||||
|
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Bot token aka. API token" />
|
||||||
</component>
|
</component>
|
||||||
<component name="VgoProject">
|
<component name="VgoProject">
|
||||||
<settings-migrated>true</settings-migrated>
|
<settings-migrated>true</settings-migrated>
|
||||||
|
90
pkg/internal/server/api/bots_api.go
Normal file
90
pkg/internal/server/api/bots_api.go
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
package api
|
||||||
|
|
||||||
|
import (
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
|
||||||
|
"github.com/gofiber/fiber/v2"
|
||||||
|
"github.com/samber/lo"
|
||||||
|
"gorm.io/datatypes"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
func listBots(c *fiber.Ctx) error {
|
||||||
|
if err := exts.EnsureAuthenticated(c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user := c.Locals("user").(models.Account)
|
||||||
|
|
||||||
|
var bots []models.Account
|
||||||
|
if err := database.C.Where("automated_id = ?", user.AutomatedID).Find(&bots).Error; err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(bots)
|
||||||
|
}
|
||||||
|
|
||||||
|
func createBot(c *fiber.Ctx) error {
|
||||||
|
if err := exts.EnsureAuthenticated(c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user := c.Locals("user").(models.Account)
|
||||||
|
|
||||||
|
cnt, _ := services.GetBotCount(user)
|
||||||
|
if err := exts.EnsureGrantedPerm(c, "CreateBots", cnt+1); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
var data struct {
|
||||||
|
Name string `json:"name" validate:"required,lowercase,alphanum,min=4,max=16"`
|
||||||
|
Nick string `json:"nick" validate:"required"`
|
||||||
|
Description string `json:"description"`
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := exts.BindAndValidate(c, &data); err != nil {
|
||||||
|
return err
|
||||||
|
} else {
|
||||||
|
data.Name = strings.TrimSpace(data.Name)
|
||||||
|
data.Nick = strings.TrimSpace(data.Nick)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !services.ValidateAccountName(data.Nick, 4, 24) {
|
||||||
|
return fiber.NewError(fiber.StatusBadRequest, "invalid bot nick, length requires 4 to 24")
|
||||||
|
}
|
||||||
|
|
||||||
|
bot, err := services.NewBot(user, models.Account{
|
||||||
|
Name: data.Name,
|
||||||
|
Nick: data.Nick,
|
||||||
|
Description: data.Description,
|
||||||
|
ConfirmedAt: lo.ToPtr(time.Now()),
|
||||||
|
PermNodes: datatypes.JSONMap{},
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusBadRequest, err.Error())
|
||||||
|
} else {
|
||||||
|
return c.JSON(bot)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func deleteBot(c *fiber.Ctx) error {
|
||||||
|
if err := exts.EnsureAuthenticated(c); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user := c.Locals("user").(models.Account)
|
||||||
|
|
||||||
|
id, _ := c.ParamsInt("id", 0)
|
||||||
|
|
||||||
|
var bot models.Account
|
||||||
|
if err := database.C.Where("id = ? AND automated_id = ?", id, user.ID).First(&bot).Error; err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusNotFound, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := services.DeleteAccount(bot.ID); err != nil {
|
||||||
|
return fiber.NewError(fiber.StatusInternalServerError, err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(bot)
|
||||||
|
}
|
@ -101,6 +101,13 @@ func MapAPIs(app *fiber.App, baseURL string) {
|
|||||||
{
|
{
|
||||||
developers.Post("/notify", notifyUser)
|
developers.Post("/notify", notifyUser)
|
||||||
|
|
||||||
|
bots := developers.Group("/bots").Name("Bots")
|
||||||
|
{
|
||||||
|
bots.Get("/", listBots)
|
||||||
|
bots.Post("/", createBot)
|
||||||
|
bots.Delete("/:id", deleteBot)
|
||||||
|
}
|
||||||
|
|
||||||
keys := developers.Group("/keys").Name("Keys")
|
keys := developers.Group("/keys").Name("Keys")
|
||||||
{
|
{
|
||||||
keys.Get("/", listBotKeys)
|
keys.Get("/", listBotKeys)
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
|
||||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
|
||||||
@ -8,32 +9,36 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func notifyUser(c *fiber.Ctx) error {
|
func notifyUser(c *fiber.Ctx) error {
|
||||||
|
if err := exts.EnsureGrantedPerm(c, "DevNotifyUser", true); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
user := c.Locals("user").(models.Account)
|
||||||
|
|
||||||
var data struct {
|
var data struct {
|
||||||
ClientID string `json:"client_id" validate:"required"`
|
ClientID string `json:"client_id" validate:"required"`
|
||||||
ClientSecret string `json:"client_secret" validate:"required"`
|
Topic string `json:"type" validate:"required"`
|
||||||
Topic string `json:"type" validate:"required"`
|
Title string `json:"subject" validate:"required,max=1024"`
|
||||||
Title string `json:"subject" validate:"required,max=1024"`
|
Subtitle *string `json:"subtitle" validate:"max=1024"`
|
||||||
Subtitle *string `json:"subtitle" validate:"max=1024"`
|
Body string `json:"content" validate:"required,max=4096"`
|
||||||
Body string `json:"content" validate:"required,max=4096"`
|
Metadata map[string]any `json:"metadata"`
|
||||||
Metadata map[string]any `json:"metadata"`
|
Avatar *string `json:"avatar"`
|
||||||
Avatar *string `json:"avatar"`
|
Picture *string `json:"picture"`
|
||||||
Picture *string `json:"picture"`
|
IsForcePush bool `json:"is_force_push"`
|
||||||
IsForcePush bool `json:"is_force_push"`
|
IsRealtime bool `json:"is_realtime"`
|
||||||
IsRealtime bool `json:"is_realtime"`
|
UserID uint `json:"user_id" validate:"required"`
|
||||||
UserID uint `json:"user_id" validate:"required"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := exts.BindAndValidate(c, &data); err != nil {
|
if err := exts.BindAndValidate(c, &data); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
client, err := services.GetThirdClientWithSecret(data.ClientID, data.ClientSecret)
|
client, err := services.GetThirdClientWithUser(data.ClientID, user.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fiber.NewError(fiber.StatusForbidden, err.Error())
|
return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("unable to get client: %v", err))
|
||||||
}
|
}
|
||||||
|
|
||||||
var user models.Account
|
var target models.Account
|
||||||
if user, err = services.GetAccount(data.UserID); err != nil {
|
if target, err = services.GetAccount(data.UserID); err != nil {
|
||||||
return fiber.NewError(fiber.StatusNotFound, err.Error())
|
return fiber.NewError(fiber.StatusNotFound, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -47,7 +52,7 @@ func notifyUser(c *fiber.Ctx) error {
|
|||||||
Picture: data.Picture,
|
Picture: data.Picture,
|
||||||
IsRealtime: data.IsRealtime,
|
IsRealtime: data.IsRealtime,
|
||||||
IsForcePush: data.IsForcePush,
|
IsForcePush: data.IsForcePush,
|
||||||
AccountID: user.ID,
|
AccountID: target.ID,
|
||||||
SenderID: &client.ID,
|
SenderID: &client.ID,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@ func RollApiKey(key models.ApiKey) (models.ApiKey, error) {
|
|||||||
return key, err
|
return key, err
|
||||||
}
|
}
|
||||||
|
|
||||||
ticket, err := RotateTicket(ticket)
|
ticket, err := RotateTicket(ticket, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return key, err
|
return key, err
|
||||||
} else {
|
} else {
|
||||||
|
24
pkg/internal/services/bots.go
Normal file
24
pkg/internal/services/bots.go
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||||
|
)
|
||||||
|
|
||||||
|
func GetBotCount(user models.Account) (int64, error) {
|
||||||
|
var count int64
|
||||||
|
if err := database.C.Where("automated_id = ?", user.ID).Count(&count).Error; err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
return count, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewBot(user models.Account, bot models.Account) (models.Account, error) {
|
||||||
|
bot.AutomatedBy = &user
|
||||||
|
bot.AutomatedID = &user.ID
|
||||||
|
|
||||||
|
if err := database.C.Save(&bot).Error; err != nil {
|
||||||
|
return bot, err
|
||||||
|
}
|
||||||
|
return bot, nil
|
||||||
|
}
|
@ -18,6 +18,18 @@ func GetThirdClient(id string) (models.ThirdClient, error) {
|
|||||||
return client, nil
|
return client, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func GetThirdClientWithUser(id string, userId uint) (models.ThirdClient, error) {
|
||||||
|
var client models.ThirdClient
|
||||||
|
if err := database.C.Where(&models.ThirdClient{
|
||||||
|
Alias: id,
|
||||||
|
AccountID: &userId,
|
||||||
|
}).First(&client).Error; err != nil {
|
||||||
|
return client, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return client, nil
|
||||||
|
}
|
||||||
|
|
||||||
func GetThirdClientWithSecret(id, secret string) (models.ThirdClient, error) {
|
func GetThirdClientWithSecret(id, secret string) (models.ThirdClient, error) {
|
||||||
client, err := GetThirdClient(id)
|
client, err := GetThirdClient(id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -147,10 +147,13 @@ func ActiveTicketWithMFA(ticket models.AuthTicket, factor models.AuthFactor, cod
|
|||||||
return ticket, nil
|
return ticket, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func RotateTicket(ticket models.AuthTicket) (models.AuthTicket, error) {
|
func RotateTicket(ticket models.AuthTicket, fullyRestart ...bool) (models.AuthTicket, error) {
|
||||||
ticket.GrantToken = lo.ToPtr(uuid.NewString())
|
ticket.GrantToken = lo.ToPtr(uuid.NewString())
|
||||||
ticket.AccessToken = lo.ToPtr(uuid.NewString())
|
ticket.AccessToken = lo.ToPtr(uuid.NewString())
|
||||||
ticket.RefreshToken = lo.ToPtr(uuid.NewString())
|
ticket.RefreshToken = lo.ToPtr(uuid.NewString())
|
||||||
|
if len(fullyRestart) > 0 && fullyRestart[0] {
|
||||||
|
ticket.LastGrantAt = nil
|
||||||
|
}
|
||||||
err := database.C.Save(&ticket).Error
|
err := database.C.Save(&ticket).Error
|
||||||
return ticket, err
|
return ticket, err
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user