From 2c8ab28efe9da84f75c4b5e1af8d9fa3101d33f9 Mon Sep 17 00:00:00 2001
From: uubulb
Date: Mon, 16 Dec 2024 23:38:31 +0800
Subject: [PATCH] update
---
 cmd/dashboard/controller/controller.go | 15 +++++++++-----
 .../controller/notification_group.go | 6 +++---
 cmd/dashboard/controller/server.go | 20 +++++++++++++++++--
 cmd/dashboard/controller/service.go | 3 +++
 model/common.go | 5 +++++
 model/server_group_api.go | 6 ------
 6 files changed, 39 insertions(+), 16 deletions(-)
diff --git a/cmd/dashboard/controller/controller.go b/cmd/dashboard/controller/controller.go
index 3b0225c..333b632 100644
--- a/cmd/dashboard/controller/controller.go
+++ b/cmd/dashboard/controller/controller.go
@@ -59,7 +59,7 @@ func routers(r *gin.Engine, frontendDist fs.FS) {
 optionalAuth := api.Group("", optionalAuthMiddleware(authMiddleware))
 optionalAuth.GET("/ws/server", commonHandler(serverStream))
- optionalAuth.GET("/server-group", listHandler(listServerGroup))
+ optionalAuth.GET("/server-group", commonHandler(listServerGroup))
 optionalAuth.GET("/service", commonHandler(showService))
 optionalAuth.GET("/service/:id", commonHandler(listServiceHistory))
@@ -83,7 +83,7 @@ func routers(r *gin.Engine, frontendDist fs.FS) {
 auth.POST("/user", commonHandler(createUser))
 auth.POST("/batch-delete/user", commonHandler(batchDeleteUser))
- auth.GET("/service/list", commonHandler(listService))
+ auth.GET("/service/list", listHandler(listService))
 auth.POST("/service", commonHandler(createService))
 auth.PATCH("/service/:id", commonHandler(updateService))
 auth.POST("/batch-delete/service", commonHandler(batchDeleteService))
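Review bot: In the first controller.go hunk, `/server-group` on the optional-auth group moves from `listHandler` to `commonHandler`, and the same patch deletes `ServerGroupResponseItem.HasPermission` in model/server_group_api.go, so this list no longer appears to get any per-user filtering. If `listHandler` is what applies the `filter`/`HasPermission` pass (its body is not in the diff), unauthenticated callers now receive every group together with its server ids. If that is intended, record it at the route, e.g. `// server groups are public: returned unfiltered, including to anonymous callers`; otherwise keep the filtered handler. The body of routers starts and ends outside the hunk.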
@@ -97,17 +97,17 @@ func routers(r *gin.Engine, frontendDist fs.FS) {
 auth.PATCH("/notification-group/:id", commonHandler(updateNotificationGroup))
 auth.POST("/batch-delete/notification-group", commonHandler(batchDeleteNotificationGroup))
- auth.GET("/server", commonHandler(listServer))
+ auth.GET("/server", listHandler(listServer))
 auth.PATCH("/server/:id", commonHandler(updateServer))
 auth.POST("/batch-delete/server", commonHandler(batchDeleteServer))
 auth.POST("/force-update/server", commonHandler(forceUpdateServer))
- auth.GET("/notification", commonHandler(listNotification))
+ auth.GET("/notification", listHandler(listNotification))
 auth.POST("/notification", commonHandler(createNotification))
 auth.PATCH("/notification/:id", commonHandler(updateNotification))
 auth.POST("/batch-delete/notification", commonHandler(batchDeleteNotification))
- auth.GET("/alert-rule", commonHandler(listAlertRule))
+ auth.GET("/alert-rule", listHandler(listAlertRule))
 auth.POST("/alert-rule", commonHandler(createAlertRule))
 auth.PATCH("/alert-rule/:id", commonHandler(updateAlertRule))
 auth.POST("/batch-delete/alert-rule", commonHandler(batchDeleteAlertRule))
@@ -231,6 +231,11 @@ func filter[S ~[]E, E model.CommonInterface](ctx *gin.Context, s S) S {
 })
 }
+func getUid(c *gin.Context) uint64 {
+ user, _ := c.MustGet(model.CtxKeyAuthorizedUser).(*model.User)
+ return user.ID
+}
+
 func fallbackToFrontend(frontendDist fs.FS) func(*gin.Context) {
 checkLocalFileOrFs := func(c *gin.Context, fs fs.FS, path string) bool {
 if _, err := os.Stat(path); err == nil {
diff --git a/cmd/dashboard/controller/notification_group.go b/cmd/dashboard/controller/notification_group.go
index 2e74dba..310e6bf 100644
--- a/cmd/dashboard/controller/notification_group.go
+++ b/cmd/dashboard/controller/notification_group.go
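Review bot: `getUid` in controller.go can panic on two paths: `MustGet` panics when `model.CtxKeyAuthorizedUser` is absent from the context, and the type assertion discards its `ok` result, so a value of another type leaves `user` nil and `user.ID` dereferences it. In this patch it is only called from createService on the authenticated group, but a helper with this name is likely to be reused, and an identity lookup should fail closed with an explicit error rather than rely on panic recovery. Consider `v, ok := c.Get(model.CtxKeyAuthorizedUser)` followed by `u, ok := v.(*model.User)`, returning `(uint64, bool)` so the caller can reject the request. Go naming would also spell it `getUID`.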
@@ -20,7 +20,7 @@ import (
 // @Produce json
 // @Success 200 {object} model.CommonResponse[[]model.NotificationGroupResponseItem]
 // @Router /notification-group [get]
-func listNotificationGroup(c *gin.Context) ([]model.NotificationGroupResponseItem, error) {
+func listNotificationGroup(c *gin.Context) ([]*model.NotificationGroupResponseItem, error) {
 var ng []model.NotificationGroup
 if err := singleton.DB.Find(&ng).Error; err != nil {
 return nil, err
@@ -39,9 +39,9 @@ func listNotificationGroup(c *gin.Context) ([]model.NotificationGroupResponseIte
 groupNotifications[n.NotificationGroupID] = append(groupNotifications[n.NotificationGroupID], n.NotificationID)
 }
- ngRes := make([]model.NotificationGroupResponseItem, 0, len(ng))
+ ngRes := make([]*model.NotificationGroupResponseItem, 0, len(ng))
 for _, n := range ng {
- ngRes = append(ngRes, model.NotificationGroupResponseItem{
+ ngRes = append(ngRes, &model.NotificationGroupResponseItem{
 Group: n,
 Notifications: groupNotifications[n.ID],
 })
diff --git a/cmd/dashboard/controller/server.go b/cmd/dashboard/controller/server.go
index 48bd56e..604b0bb 100644
--- a/cmd/dashboard/controller/server.go
+++ b/cmd/dashboard/controller/server.go
@@ -61,6 +61,10 @@ func updateServer(c *gin.Context) (any, error) {
 return nil, singleton.Localizer.ErrorT("server id %d does not exist", id)
 }
+ if !s.HasPermission(c) {
+ return nil, singleton.Localizer.ErrorT("unauthorized")
+ }
+
 s.Name = sf.Name
 s.DisplayIndex = sf.DisplayIndex
 s.Note = sf.Note
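Review bot: The `s.HasPermission(c)` gate added to updateServer has no visible counterpart for forceUpdateServer, which controller.go registers on the same `auth` group (`/force-update/server`) and which this patch does not touch; if that handler acts on server ids taken from the request, it presumably needs the same ownership check. The message here is `unauthorized` while the equivalent check in batchDeleteServer returns `permission denied`; one string for both keeps client handling and log searches consistent. updateServer's body starts and ends outside the hunk.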
@@ -99,11 +103,23 @@ func updateServer(c *gin.Context) (any, error) {
 // @Success 200 {object} model.CommonResponse[any]
 // @Router /batch-delete/server [post]
 func batchDeleteServer(c *gin.Context) (any, error) {
- var servers []uint64
- if err := c.ShouldBindJSON(&servers); err != nil {
+ var serversRaw []uint64
+ if err := c.ShouldBindJSON(&serversRaw); err != nil {
 return nil, err
 }
+ var servers []uint64
+ singleton.ServerLock.RLock()
+ for _, sid := range serversRaw {
+ if s, ok := singleton.ServerList[sid]; ok {
+ if !s.HasPermission(c) {
+ return nil, singleton.Localizer.ErrorT("permission denied")
+ }
+ servers = append(servers, s.ID)
+ }
+ }
+ singleton.ServerLock.RUnlock()
+
 err := singleton.DB.Transaction(func(tx *gorm.DB) error {
 if err := tx.Unscoped().Delete(&model.Server{}, "id in (?)", servers).Error; err != nil {
 return err
diff --git a/cmd/dashboard/controller/service.go b/cmd/dashboard/controller/service.go
index 2956681..ed9e859 100644
--- a/cmd/dashboard/controller/service.go
+++ b/cmd/dashboard/controller/service.go
@@ -190,7 +190,10 @@ func createService(c *gin.Context) (uint64, error) {
 return 0, err
 }
+ uid := getUid(c)
+
 var m model.Service
+ m.UserID = uid
 m.Name = mf.Name
 m.Target = strings.TrimSpace(mf.Target)
 m.Type = mf.Type
diff --git a/model/common.go b/model/common.go
index 15961ff..6b83911 100644
--- a/model/common.go
+++ b/model/common.go
@@ -23,6 +23,10 @@ type Common struct {
 UserID uint64 `json:"user_id,omitempty"`
 }
+func (c *Common) GetID() uint64 {
+ return c.ID
+}
+
 func (c *Common) HasPermission(ctx *gin.Context) bool {
 auth, ok := ctx.Get(CtxKeyAuthorizedUser)
 if !ok {
@@ -38,6 +42,7 @@ func (c *Common) HasPermission(ctx *gin.Context) bool {
 }
 type CommonInterface interface {
+ GetID() uint64
 HasPermission(*gin.Context) bool
 }
diff --git a/model/server_group_api.go b/model/server_group_api.go
index 1079564..e36a236 100644
--- a/model/server_group_api.go
+++ b/model/server_group_api.go
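Review bot: The `return` inside the loop of batchDeleteServer leaves `singleton.ServerLock` read-locked, because `RUnlock()` is reached only after the loop completes; assuming ServerLock is a `sync.RWMutex`, one denied request would leave every later `Lock()` caller blocked. Release the lock on that path by adding `singleton.ServerLock.RUnlock()` directly before `return nil, singleton.Localizer.ErrorT("permission denied")`, or move the loop into a small helper that uses `defer singleton.ServerLock.RUnlock()`. Ids missing from `singleton.ServerList` are skipped silently, so a request naming only unknown ids still runs the transaction with an empty `servers` slice; an early return for that case would be clearer. The function continues outside the hunk.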
@@ -1,7 +1,5 @@
 package model
-import "github.com/gin-gonic/gin"
-
 type ServerGroupForm struct {
 Name string `json:"name" minLength:"1"`
 Servers []uint64 `json:"servers"`
@@ -11,7 +9,3 @@ type ServerGroupResponseItem struct {
 Group ServerGroup `json:"group"`
 Servers []uint64 `json:"servers"`
 }
-
-func (sg *ServerGroupResponseItem) HasPermission(c *gin.Context) bool {
- return sg.Group.HasPermission(c)
-}