github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore:

pull/330/head
xiaojunnuo 2025-01-19 00:33:34 +08:00
parent 93b37a89c9
commit e79703e49b
9 changed files with 156 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/ui/certd-client/src/style/certd.less
View File

@ -9,6 +9,10 @@
display: inline-flex;
justify-content: center;
align-items: center;
.fs-iconify{
font-size:18px;
margin-right: 5px;
}
}
.cd-icon-button {

8
packages/ui/certd-client/src/views/certd/open/openkey/api.ts
View File

@ -1,8 +1,9 @@
import { request } from "/src/api/service";
export function createApi() {
export const OPEN_API_DOC = "https://apifox.com/apidoc/shared-2e76f8c4-7c58-413b-a32d-a1316529af44/254949529e0";
const apiPrefix = "/open/key";
return {
export const openkeyApi = {
async GetList(query: any) {
return await request({
url: apiPrefix + "/page",
@ -50,6 +51,3 @@ export function createApi() {
});
}
};
}
export const pipelineGroupApi = createApi();

66
packages/ui/certd-client/src/views/certd/open/openkey/crud.tsx
View File

@ -1,15 +1,12 @@
// @ts-ignore
import { useI18n } from "vue-i18n";
import { AddReq, CreateCrudOptionsProps, CreateCrudOptionsRet, DelReq, EditReq, UserPageQuery, UserPageRes } from "@fast-crud/fast-crud";
import { pipelineGroupApi } from "./api";
import dayjs from "dayjs";
import { Modal } from "ant-design-vue";
import CertView from "/@/views/certd/pipeline/cert-view.vue";
import { AddReq, CreateCrudOptionsProps, CreateCrudOptionsRet, DelReq, dict, EditReq, UserPageQuery, UserPageRes } from "@fast-crud/fast-crud";
import { OPEN_API_DOC, openkeyApi } from "./api";
import { useModal } from "/@/use/use-modal";
export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
const { t } = useI18n();
const api = pipelineGroupApi;
const api = openkeyApi;
const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
return await api.GetList(query);
};
@ -59,17 +56,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
actionbar: {
buttons: {
add: {
text: "生成新的Key",
click() {
Modal.confirm({
title: "确认",
content: "确定要生成新的Key?",
async onOk() {
await api.AddObj({});
await crudExpose.doRefresh();
}
});
}
text: "生成新的Key"
}
}
},
@ -82,7 +69,10 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
edit: { show: false },
remove: { show: true },
gen: {
text: "测试ApiToken",
text: " 接口测试",
size: "mini",
icon: "devicon-plain:vitest",
type: "primary",
async click({ row }) {
const apiToken = await api.GetApiToken(row.id);
@ -94,7 +84,13 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
content: () => {
return (
<div>
<div class={"m-10 p-10"}>ApiKey3使</div>
<div class={"m-10 p-10"}>
ApiKey3使
<a href={OPEN_API_DOC} target={"_blank"}>
</a>
</div>
<div class={"m-10 p-10"} style={{ border: "1px solid #333" }}>
<fs-copyable model-value={apiToken}></fs-copyable>
</div>
@ -126,26 +122,50 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
},
keyId: {
title: "KeyId",
type: ["text", "copyable"],
search: {
show: false
},
form: {
show: false
},
type: "text",
column: {
width: 200,
width: 250,
sorter: true
}
},
keySecret: {
title: "KeySecret",
type: "text",
type: ["text", "copyable"],
form: {
show: false
},
column: {
width: 550,
width: 580,
sorter: true
}
},
scope: {
title: "权限范围",
type: "dict-radio",
dict: dict({
data: [
{ label: "仅开放接口", value: "open", color: "blue" },
{ label: "账户所有权限", value: "user", color: "red" }
]
}),
form: {
value: "open",
show: true,
rules: [{ required: true, message: "此项必填" }],
helper: "仅开放接口只可以访问开放接口,账户所有权限可以访问所有接口",
component: {
vModel: "value"
}
},
column: {
width: 120,
align: "center",
sorter: true
}
},

8
packages/ui/certd-client/src/views/certd/open/openkey/index.vue
View File

@ -2,16 +2,20 @@
<fs-page>
<template #header>
<div class="title">开放接口密钥管理</div>
<div class="more">
<a :href="OPEN_API_DOC" target="_blank">开放接口文档</a>
</div>
</template>
<fs-crud ref="crudRef" v-bind="crudBinding"> </fs-crud>
</fs-page>
</template>
<script lang="ts" setup>
import { defineComponent, onActivated, onMounted } from "vue";
import { onActivated, onMounted } from "vue";
import { useFs } from "@fast-crud/fast-crud";
import createCrudOptions from "./crud";
import { createApi } from "./api";
import { OPEN_API_DOC } from "/@/views/certd/open/openkey/api";
defineOptions({
name: "OpenKey"
});

1
packages/ui/certd-server/db/migration/v10020__open.sql
View File

@ -4,6 +4,7 @@ CREATE TABLE "cd_open_key"
"user_id" integer,
"key_id" varchar(50),
"key_secret" varchar(100),
"scope" varchar(50),
"disabled" boolean NOT NULL DEFAULT (false),
"create_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP),
"update_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP)

7
packages/ui/certd-server/src/controller/user/open/open-key-controller.ts
View File

@ -37,10 +37,9 @@ export class OpenKeyController extends CrudController<OpenKeyService> {
}
@Post('/add', { summary: Constants.per.authOnly })
async add() {
const bean: any = {};
bean.userId = this.getUserId();
const res = await this.service.add(bean);
async add(@Body(ALL) body: any) {
body.userId = this.getUserId();
const res = await this.service.add(body);
return this.ok(res);
}

50
packages/ui/certd-server/src/middleware/authority.ts
View File

@ -4,8 +4,8 @@ import jwt from 'jsonwebtoken';
import { Constants, SysPrivateSettings, SysSettingsService } from '@certd/lib-server';
import { logger } from '@certd/basic';
import { AuthService } from '../modules/sys/authority/service/auth-service.js';
import { Next } from 'koa';
import { OpenKeyService } from '../modules/open/service/open-key-service.js';
import { RoleService } from '../modules/sys/authority/service/role-service.js';
/**
*
@ -18,6 +18,8 @@ export class AuthorityMiddleware implements IWebMiddleware {
@Inject()
authService: AuthService;
@Inject()
roleService: RoleService;
@Inject()
openKeyService: OpenKeyService;
@Inject()
sysSettingsService: SysSettingsService;
@ -50,10 +52,6 @@ export class AuthorityMiddleware implements IWebMiddleware {
return;
}
if (permission === Constants.per.open) {
return this.doOpenHandler(ctx, next);
}
let token = ctx.get('Authorization') || '';
token = token.replace('Bearer ', '').trim();
if (!token) {
@ -64,16 +62,33 @@ export class AuthorityMiddleware implements IWebMiddleware {
//尝试从query中获取token
token = (ctx.query.token as string) || '';
}
if (token) {
try {
ctx.user = jwt.verify(token, this.secret);
} catch (err) {
logger.error('token verify error: ', err);
ctx.status = 401;
ctx.body = Constants.res.auth;
return this.notAuth(ctx);
}
} else {
//找找openKey
const openKey = await this.doOpenHandler(ctx);
if (!openKey) {
return this.notAuth(ctx);
}
if (permission === Constants.per.open) {
await next();
return;
} else if (openKey.scope === 'open') {
return this.notAuth(ctx);
}
}
if (permission === Constants.per.authOnly) {
await next();
return;
}
if (permission !== Constants.per.authOnly) {
const pass = await this.authService.checkPermission(ctx, permission);
if (!pass) {
logger.info('not permission: ', ctx.req.url);
@ -81,24 +96,27 @@ export class AuthorityMiddleware implements IWebMiddleware {
ctx.body = Constants.res.permission;
return;
}
}
await next();
};
}
async doOpenHandler(ctx: IMidwayKoaContext, next: Next) {
//开放接口
const openKey = ctx.get('x-api-token') || '';
if (!openKey) {
private notAuth(ctx: IMidwayKoaContext) {
ctx.status = 401;
ctx.body = Constants.res.auth;
return;
}
async doOpenHandler(ctx: IMidwayKoaContext) {
//开放接口
const openKey = ctx.get('x-certd-token') || '';
if (!openKey) {
return null;
}
//校验 openKey
const openKeyRes = await this.openKeyService.verifyOpenKey(openKey);
ctx.user = { id: openKeyRes.userId };
const roles = await this.roleService.getRoleIdsByUserId(openKeyRes.userId);
ctx.user = { id: openKeyRes.userId, roles };
ctx.openKey = openKeyRes;
await next();
return openKeyRes;
}
}

3
packages/ui/certd-server/src/modules/open/entity/open-key.ts
View File

@ -14,6 +14,9 @@ export class OpenKeyEntity {
@Column({ name: 'key_secret', comment: 'keySecret' })
keySecret: string;
@Column({ name: 'scope', comment: '权限范围' })
scope: string; // open 仅开放接口、 user 用户所有权限
@Column({ name: 'create_time', comment: '创建时间', default: () => 'CURRENT_TIMESTAMP' })
createTime: Date;

7
packages/ui/certd-server/src/modules/open/service/open-key-service.ts
View File

@ -12,6 +12,7 @@ export type OpenKey = {
keyId: string;
keySecret: string;
encrypt: boolean;
scope: string;
};
@Provide()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
@ -29,10 +30,10 @@ export class OpenKeyService extends BaseService<OpenKeyEntity> {
}
async add(bean: OpenKeyEntity) {
return await this.generate(bean.userId);
return await this.generate(bean.userId, bean.scope);
}
async generate(userId: number) {
async generate(userId: number, scope: string) {
const keyId = utils.id.simpleNanoId(18) + '_key';
const secretKey = crypto.randomBytes(32);
const keySecret = Buffer.from(secretKey).toString('hex');
@ -40,6 +41,7 @@ export class OpenKeyService extends BaseService<OpenKeyEntity> {
entity.userId = userId;
entity.keyId = keyId;
entity.keySecret = keySecret;
entity.scope = scope ?? 'open';
await this.repository.save(entity);
return entity;
}
@ -84,6 +86,7 @@ export class OpenKeyService extends BaseService<OpenKeyEntity> {
keyId: entity.keyId,
keySecret: entity.keySecret,
encrypt: encrypt,
scope: entity.scope,
};
}