github.com/polarismesh/polaris@v1.17.8/apiserver/httpserver/auth_access.go (about) 1 /** 2 * Tencent is pleased to support the open source community by making Polaris available. 3 * 4 * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. 5 * 6 * Licensed under the BSD 3-Clause License (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at 9 * 10 * https://opensource.org/licenses/BSD-3-Clause 11 * 12 * Unless required by applicable law or agreed to in writing, software distributed 13 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 * specific language governing permissions and limitations under the License. 16 */ 17 18 package httpserver 19 20 import ( 21 "strconv" 22 23 "github.com/emicklei/go-restful/v3" 24 "github.com/golang/protobuf/proto" 25 apimodel "github.com/polarismesh/specification/source/go/api/v1/model" 26 apisecurity "github.com/polarismesh/specification/source/go/api/v1/security" 27 apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage" 28 29 "github.com/polarismesh/polaris/apiserver/httpserver/docs" 30 httpcommon "github.com/polarismesh/polaris/apiserver/httpserver/utils" 31 api "github.com/polarismesh/polaris/common/api/v1" 32 "github.com/polarismesh/polaris/common/utils" 33 ) 34 35 // GetAuthServer 运维接口 36 func (h *HTTPServer) GetAuthServer(ws *restful.WebService) error { 37 ws.Route(docs.EnrichAuthStatusApiDocs(ws.GET("/auth/status").To(h.AuthStatus))) 38 // 39 ws.Route(docs.EnrichLoginApiDocs(ws.POST("/user/login").To(h.Login))) 40 ws.Route(docs.EnrichGetUsersApiDocs(ws.GET("/users").To(h.GetUsers))) 41 ws.Route(docs.EnrichCreateUsersApiDocs(ws.POST("/users").To(h.CreateUsers))) 42 ws.Route(docs.EnrichDeleteUsersApiDocs(ws.POST("/users/delete").To(h.DeleteUsers))) 43 ws.Route(docs.EnrichUpdateUserApiDocs(ws.PUT("/user").To(h.UpdateUser))) 44 ws.Route(docs.EnrichUpdateUserPasswordApiDocs(ws.PUT("/user/password").To(h.UpdateUserPassword))) 45 ws.Route(docs.EnrichGetUserTokenApiDocs(ws.GET("/user/token").To(h.GetUserToken))) 46 ws.Route(docs.EnrichUpdateUserTokenApiDocs(ws.PUT("/user/token/status").To(h.UpdateUserToken))) 47 ws.Route(docs.EnrichResetUserTokenApiDocs(ws.PUT("/user/token/refresh").To(h.ResetUserToken))) 48 // 49 ws.Route(docs.EnrichCreateGroupApiDocs(ws.POST("/usergroup").To(h.CreateGroup))) 50 ws.Route(docs.EnrichUpdateGroupsApiDocs(ws.PUT("/usergroups").To(h.UpdateGroups))) 51 ws.Route(docs.EnrichGetGroupsApiDocs(ws.GET("/usergroups").To(h.GetGroups))) 52 ws.Route(docs.EnrichDeleteGroupsApiDocs(ws.POST("/usergroups/delete").To(h.DeleteGroups))) 53 ws.Route(docs.EnrichGetGroupApiDocs(ws.GET("/usergroup/detail").To(h.GetGroup))) 54 ws.Route(docs.EnrichGetGroupTokenApiDocs(ws.GET("/usergroup/token").To(h.GetGroupToken))) 55 ws.Route(docs.EnrichUpdateGroupTokenApiDocs(ws.PUT("/usergroup/token/status").To(h.UpdateGroupToken))) 56 ws.Route(docs.EnrichResetGroupTokenApiDocs(ws.PUT("/usergroup/token/refresh").To(h.ResetGroupToken))) 57 58 ws.Route(docs.EnrichCreateStrategyApiDocs(ws.POST("/auth/strategy").To(h.CreateStrategy))) 59 ws.Route(docs.EnrichGetStrategyApiDocs(ws.GET("/auth/strategy/detail").To(h.GetStrategy))) 60 ws.Route(docs.EnrichUpdateStrategiesApiDocs(ws.PUT("/auth/strategies").To(h.UpdateStrategies))) 61 ws.Route(docs.EnrichDeleteStrategiesApiDocs(ws.POST("/auth/strategies/delete").To(h.DeleteStrategies))) 62 ws.Route(docs.EnrichGetStrategiesApiDocs(ws.GET("/auth/strategies").To(h.GetStrategies))) 63 ws.Route(docs.EnrichGetPrincipalResourcesApiDocs(ws.GET("/auth/principal/resources").To(h.GetPrincipalResources))) 64 65 return nil 66 } 67 68 // AuthStatus auth status 69 func (h *HTTPServer) AuthStatus(req *restful.Request, rsp *restful.Response) { 70 handler := &httpcommon.Handler{ 71 Request: req, 72 Response: rsp, 73 } 74 75 checker := h.strategyMgn.GetAuthChecker() 76 77 isOpen := (checker.IsOpenClientAuth() || checker.IsOpenConsoleAuth()) 78 resp := api.NewAuthResponse(apimodel.Code_ExecuteSuccess) 79 resp.OptionSwitch = &apiservice.OptionSwitch{ 80 Options: map[string]string{ 81 "auth": strconv.FormatBool(isOpen), 82 "clientOpen": strconv.FormatBool(checker.IsOpenClientAuth()), 83 "consoleOpen": strconv.FormatBool(checker.IsOpenConsoleAuth()), 84 }, 85 } 86 87 handler.WriteHeaderAndProto(resp) 88 } 89 90 // Login 登录函数 91 func (h *HTTPServer) Login(req *restful.Request, rsp *restful.Response) { 92 handler := &httpcommon.Handler{ 93 Request: req, 94 Response: rsp, 95 } 96 97 loginReq := &apisecurity.LoginRequest{} 98 99 _, err := handler.Parse(loginReq) 100 if err != nil { 101 handler.WriteHeaderAndProto(api.NewAuthResponseWithMsg(apimodel.Code_ParseException, err.Error())) 102 return 103 } 104 105 handler.WriteHeaderAndProto(h.userMgn.Login(loginReq)) 106 } 107 108 // CreateUsers 批量创建用户 109 func (h *HTTPServer) CreateUsers(req *restful.Request, rsp *restful.Response) { 110 handler := &httpcommon.Handler{ 111 Request: req, 112 Response: rsp, 113 } 114 115 var users UserArr 116 117 ctx, err := handler.ParseArray(func() proto.Message { 118 msg := &apisecurity.User{} 119 users = append(users, msg) 120 return msg 121 }) 122 if err != nil { 123 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 124 return 125 } 126 127 handler.WriteHeaderAndProto(h.userMgn.CreateUsers(ctx, users)) 128 } 129 130 // UpdateUser 更新用户 131 func (h *HTTPServer) UpdateUser(req *restful.Request, rsp *restful.Response) { 132 handler := &httpcommon.Handler{ 133 Request: req, 134 Response: rsp, 135 } 136 137 user := &apisecurity.User{} 138 139 ctx, err := handler.Parse(user) 140 if err != nil { 141 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 142 return 143 } 144 145 handler.WriteHeaderAndProto(h.userMgn.UpdateUser(ctx, user)) 146 } 147 148 // UpdateUserPassword 更新用户 149 func (h *HTTPServer) UpdateUserPassword(req *restful.Request, rsp *restful.Response) { 150 handler := &httpcommon.Handler{ 151 Request: req, 152 Response: rsp, 153 } 154 155 user := &apisecurity.ModifyUserPassword{} 156 157 ctx, err := handler.Parse(user) 158 if err != nil { 159 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 160 return 161 } 162 163 handler.WriteHeaderAndProto(h.userMgn.UpdateUserPassword(ctx, user)) 164 } 165 166 // DeleteUsers 批量删除用户 167 func (h *HTTPServer) DeleteUsers(req *restful.Request, rsp *restful.Response) { 168 handler := &httpcommon.Handler{ 169 Request: req, 170 Response: rsp, 171 } 172 173 var users UserArr 174 175 ctx, err := handler.ParseArray(func() proto.Message { 176 msg := &apisecurity.User{} 177 users = append(users, msg) 178 return msg 179 }) 180 if err != nil { 181 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 182 return 183 } 184 185 handler.WriteHeaderAndProto(h.userMgn.DeleteUsers(ctx, users)) 186 } 187 188 // GetUsers 查询用户 189 func (h *HTTPServer) GetUsers(req *restful.Request, rsp *restful.Response) { 190 handler := &httpcommon.Handler{ 191 Request: req, 192 Response: rsp, 193 } 194 195 queryParams := httpcommon.ParseQueryParams(req) 196 ctx := handler.ParseHeaderContext() 197 198 handler.WriteHeaderAndProto(h.userMgn.GetUsers(ctx, queryParams)) 199 } 200 201 // GetUserToken 获取这个用户所关联的所有用户组列表信息,支持翻页 202 func (h *HTTPServer) GetUserToken(req *restful.Request, rsp *restful.Response) { 203 handler := &httpcommon.Handler{ 204 Request: req, 205 Response: rsp, 206 } 207 queryParams := httpcommon.ParseQueryParams(req) 208 209 user := &apisecurity.User{ 210 Id: utils.NewStringValue(queryParams["id"]), 211 } 212 213 handler.WriteHeaderAndProto(h.userMgn.GetUserToken(handler.ParseHeaderContext(), user)) 214 } 215 216 // UpdateUserToken 更改用户的token 217 func (h *HTTPServer) UpdateUserToken(req *restful.Request, rsp *restful.Response) { 218 handler := &httpcommon.Handler{ 219 Request: req, 220 Response: rsp, 221 } 222 223 user := &apisecurity.User{} 224 225 ctx, err := handler.Parse(user) 226 if err != nil { 227 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 228 return 229 } 230 231 handler.WriteHeaderAndProto(h.userMgn.UpdateUserToken(ctx, user)) 232 } 233 234 // ResetUserToken 重置用户 token 235 func (h *HTTPServer) ResetUserToken(req *restful.Request, rsp *restful.Response) { 236 handler := &httpcommon.Handler{ 237 Request: req, 238 Response: rsp, 239 } 240 241 user := &apisecurity.User{} 242 243 ctx, err := handler.Parse(user) 244 if err != nil { 245 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 246 return 247 } 248 249 handler.WriteHeaderAndProto(h.userMgn.ResetUserToken(ctx, user)) 250 } 251 252 // CreateGroup 创建用户组 253 func (h *HTTPServer) CreateGroup(req *restful.Request, rsp *restful.Response) { 254 handler := &httpcommon.Handler{ 255 Request: req, 256 Response: rsp, 257 } 258 259 group := &apisecurity.UserGroup{} 260 261 ctx, err := handler.Parse(group) 262 if err != nil { 263 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 264 return 265 } 266 267 handler.WriteHeaderAndProto(h.userMgn.CreateGroup(ctx, group)) 268 } 269 270 // UpdateGroups 更新用户组 271 func (h *HTTPServer) UpdateGroups(req *restful.Request, rsp *restful.Response) { 272 handler := &httpcommon.Handler{ 273 Request: req, 274 Response: rsp, 275 } 276 277 var groups ModifyGroupArr 278 279 ctx, err := handler.ParseArray(func() proto.Message { 280 msg := &apisecurity.ModifyUserGroup{} 281 groups = append(groups, msg) 282 return msg 283 }) 284 if err != nil { 285 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 286 return 287 } 288 289 handler.WriteHeaderAndProto(h.userMgn.UpdateGroups(ctx, groups)) 290 } 291 292 // DeleteGroups 删除用户组 293 func (h *HTTPServer) DeleteGroups(req *restful.Request, rsp *restful.Response) { 294 handler := &httpcommon.Handler{ 295 Request: req, 296 Response: rsp, 297 } 298 299 var groups GroupArr 300 301 ctx, err := handler.ParseArray(func() proto.Message { 302 msg := &apisecurity.UserGroup{} 303 groups = append(groups, msg) 304 return msg 305 }) 306 if err != nil { 307 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 308 return 309 } 310 311 handler.WriteHeaderAndProto(h.userMgn.DeleteGroups(ctx, groups)) 312 } 313 314 // GetGroups 获取用户组列表 315 func (h *HTTPServer) GetGroups(req *restful.Request, rsp *restful.Response) { 316 handler := &httpcommon.Handler{ 317 Request: req, 318 Response: rsp, 319 } 320 321 queryParams := httpcommon.ParseQueryParams(req) 322 ctx := handler.ParseHeaderContext() 323 324 handler.WriteHeaderAndProto(h.userMgn.GetGroups(ctx, queryParams)) 325 } 326 327 // GetGroup 获取用户组详细 328 func (h *HTTPServer) GetGroup(req *restful.Request, rsp *restful.Response) { 329 handler := &httpcommon.Handler{ 330 Request: req, 331 Response: rsp, 332 } 333 334 queryParams := httpcommon.ParseQueryParams(req) 335 ctx := handler.ParseHeaderContext() 336 337 group := &apisecurity.UserGroup{ 338 Id: utils.NewStringValue(queryParams["id"]), 339 } 340 341 handler.WriteHeaderAndProto(h.userMgn.GetGroup(ctx, group)) 342 } 343 344 // GetGroupToken 获取用户组 token 345 func (h *HTTPServer) GetGroupToken(req *restful.Request, rsp *restful.Response) { 346 handler := &httpcommon.Handler{ 347 Request: req, 348 Response: rsp, 349 } 350 351 queryParams := httpcommon.ParseQueryParams(req) 352 ctx := handler.ParseHeaderContext() 353 354 group := &apisecurity.UserGroup{ 355 Id: utils.NewStringValue(queryParams["id"]), 356 } 357 358 handler.WriteHeaderAndProto(h.userMgn.GetGroupToken(ctx, group)) 359 } 360 361 // UpdateGroupToken 更新用户组 token 362 func (h *HTTPServer) UpdateGroupToken(req *restful.Request, rsp *restful.Response) { 363 handler := &httpcommon.Handler{ 364 Request: req, 365 Response: rsp, 366 } 367 368 group := &apisecurity.UserGroup{} 369 370 ctx, err := handler.Parse(group) 371 if err != nil { 372 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 373 return 374 } 375 376 handler.WriteHeaderAndProto(h.userMgn.UpdateGroupToken(ctx, group)) 377 } 378 379 // ResetGroupToken 重置用户组 token 380 func (h *HTTPServer) ResetGroupToken(req *restful.Request, rsp *restful.Response) { 381 handler := &httpcommon.Handler{ 382 Request: req, 383 Response: rsp, 384 } 385 386 group := &apisecurity.UserGroup{} 387 388 ctx, err := handler.Parse(group) 389 if err != nil { 390 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 391 return 392 } 393 394 handler.WriteHeaderAndProto(h.userMgn.ResetGroupToken(ctx, group)) 395 } 396 397 // CreateStrategy 创建鉴权策略 398 func (h *HTTPServer) CreateStrategy(req *restful.Request, rsp *restful.Response) { 399 handler := &httpcommon.Handler{ 400 Request: req, 401 Response: rsp, 402 } 403 404 strategy := &apisecurity.AuthStrategy{} 405 406 ctx, err := handler.Parse(strategy) 407 if err != nil { 408 handler.WriteHeaderAndProto(api.NewAuthResponseWithMsg(apimodel.Code_ParseException, err.Error())) 409 return 410 } 411 412 handler.WriteHeaderAndProto(h.strategyMgn.CreateStrategy(ctx, strategy)) 413 } 414 415 // UpdateStrategies 更新鉴权策略 416 func (h *HTTPServer) UpdateStrategies(req *restful.Request, rsp *restful.Response) { 417 handler := &httpcommon.Handler{ 418 Request: req, 419 Response: rsp, 420 } 421 422 var strategies ModifyStrategyArr 423 424 ctx, err := handler.ParseArray(func() proto.Message { 425 msg := &apisecurity.ModifyAuthStrategy{} 426 strategies = append(strategies, msg) 427 return msg 428 }) 429 if err != nil { 430 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 431 return 432 } 433 434 handler.WriteHeaderAndProto(h.strategyMgn.UpdateStrategies(ctx, strategies)) 435 } 436 437 // DeleteStrategies 批量删除鉴权策略 438 func (h *HTTPServer) DeleteStrategies(req *restful.Request, rsp *restful.Response) { 439 handler := &httpcommon.Handler{ 440 Request: req, 441 Response: rsp, 442 } 443 444 var strategies StrategyArr 445 446 ctx, err := handler.ParseArray(func() proto.Message { 447 msg := &apisecurity.AuthStrategy{} 448 strategies = append(strategies, msg) 449 return msg 450 }) 451 if err != nil { 452 handler.WriteHeaderAndProto(api.NewBatchWriteResponseWithMsg(apimodel.Code_ParseException, err.Error())) 453 return 454 } 455 456 handler.WriteHeaderAndProto(h.strategyMgn.DeleteStrategies(ctx, strategies)) 457 } 458 459 // GetStrategies 批量获取鉴权策略 460 func (h *HTTPServer) GetStrategies(req *restful.Request, rsp *restful.Response) { 461 handler := &httpcommon.Handler{ 462 Request: req, 463 Response: rsp, 464 } 465 466 queryParams := httpcommon.ParseQueryParams(req) 467 ctx := handler.ParseHeaderContext() 468 469 handler.WriteHeaderAndProto(h.strategyMgn.GetStrategies(ctx, queryParams)) 470 } 471 472 // GetStrategy 获取鉴权策略详细 473 func (h *HTTPServer) GetStrategy(req *restful.Request, rsp *restful.Response) { 474 handler := &httpcommon.Handler{ 475 Request: req, 476 Response: rsp, 477 } 478 479 queryParams := httpcommon.ParseQueryParams(req) 480 ctx := handler.ParseHeaderContext() 481 482 strategy := &apisecurity.AuthStrategy{ 483 Id: utils.NewStringValue(queryParams["id"]), 484 } 485 486 handler.WriteHeaderAndProto(h.strategyMgn.GetStrategy(ctx, strategy)) 487 } 488 489 // GetPrincipalResources 获取鉴权策略详细 490 func (h *HTTPServer) GetPrincipalResources(req *restful.Request, rsp *restful.Response) { 491 handler := &httpcommon.Handler{ 492 Request: req, 493 Response: rsp, 494 } 495 496 queryParams := httpcommon.ParseQueryParams(req) 497 ctx := handler.ParseHeaderContext() 498 499 handler.WriteHeaderAndProto(h.strategyMgn.GetPrincipalResources(ctx, queryParams)) 500 }