perf: 优化匿名账号

2023-06-27 15:22:18 +08:00 · 2023-06-27 15:22:18 +08:00 · 4737e2cf4a
parent a22f36a06a
commit 4737e2cf4a
2 changed files with 16 additions and 9 deletions
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@ -10,10 +10,11 @@ from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import status
 from rest_framework.decorators import action
-from rest_framework.exceptions import PermissionDenied
+from rest_framework.exceptions import PermissionDenied, ValidationError
 from rest_framework.request import Request
 from rest_framework.response import Response

+from accounts.const import AliasAccount
 from common.api import JMSModelViewSet
 from common.exceptions import JMSException
 from common.utils import random_string, get_logger, get_request_ip
@ -282,13 +283,17 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
        data['org_id'] = asset.org_id
        data['user'] = user
        data['value'] = random_string(16)
+
+        if account_name == AliasAccount.ANON and asset.category not in ['web', 'custom']:
+            raise ValidationError(_('Anonymous account is not supported for this asset'))
+
        account = self._validate_perm(user, asset, account_name)
        if account.has_secret:
            data['input_secret'] = ''

-        if account.username != '@INPUT':
+        if account.username != AliasAccount.INPUT:
            data['input_username'] = ''
-        if account.username == '@USER':
+        elif account.username == AliasAccount.USER:
            data['input_username'] = user.username

        ticket = self._validate_acl(user, asset, account)
--- a/apps/authentication/models/connection_token.py
+++ b/apps/authentication/models/connection_token.py
@ -210,16 +210,18 @@ class ConnectionToken(JMSOrgBaseModel):
        if not self.asset:
            return None

-        if self.account == AliasAccount.ANON and self.asset.category not in ['web', 'custom']:
-            raise JMSException({'error': 'Anonymous account is not supported in {}'.format(self.asset.category)})
-
        if self.account.startswith('@'):
            account = Account.get_special_account(self.account)
+            account.asset = self.asset
+            account.org_id = self.asset.org_id
+
+            if self.account == AliasAccount.INPUT:
+                account.username = self.input_username
+                account.secret = self.input_secret
        else:
            account = self.asset.accounts.filter(name=self.account).first()
-
-        account.asset = self.asset
-        account.secret = account.secret or self.input_secret
+            if not account.secret and self.input_secret:
+                account.secret = self.input_secret
        return account

    @lazyproperty