From 3c6aadb253c7a053ca363568a068e4eee4a07e39 Mon Sep 17 00:00:00 2001 From: laodaming <11058467+laudamine@user.noreply.gitee.com> Date: Tue, 21 Nov 2023 18:10:30 +0800 Subject: [PATCH] fix --- .../addldaporganizationmemberhandler.go | 4 ++-- .../handler/createldaporganizationhandler.go | 4 ++-- .../handler/createldapuserbasegrouphandler.go | 4 ++-- .../internal/handler/createldapuserhandler.go | 4 ++-- .../handler/deleteldaporganizationhandler.go | 4 ++-- .../internal/handler/deleteldapuserhandler.go | 4 ++-- .../getldaporganizationmembershandler.go | 4 ++-- .../handler/getldaporganizationshandler.go | 4 ++-- .../handler/getldapuserinfohandler.go | 4 ++-- .../internal/handler/getldapusershandler.go | 4 ++-- .../internal/handler/ldapuserloginhandler.go | 4 ++-- .../removeldaporganizationmemberhandler.go | 4 ++-- .../handler/updateldaporganizationhandler.go | 4 ++-- .../internal/handler/updateldapuserhandler.go | 4 ++-- .../handler/updateldapuserpwdhandler.go | 4 ++-- .../logic/addldaporganizationmemberlogic.go | 9 +++++--- .../logic/createldaporganizationlogic.go | 9 +++++--- .../logic/createldapuserbasegrouplogic.go | 7 ++++-- .../internal/logic/createldapuserlogic.go | 9 +++++--- .../logic/deleteldaporganizationlogic.go | 9 +++++--- .../internal/logic/deleteldapuserlogic.go | 9 +++++--- .../logic/getldaporganizationmemberslogic.go | 9 +++++--- .../logic/getldaporganizationslogic.go | 9 +++++--- .../internal/logic/getldapuserinfologic.go | 9 +++++--- .../internal/logic/getldapuserslogic.go | 9 +++++--- .../internal/logic/ldapuserloginlogic.go | 5 ++--- .../removeldaporganizationmemberlogic.go | 9 +++++--- .../logic/updateldaporganizationlogic.go | 9 +++++--- .../internal/logic/updateldapuserlogic.go | 9 +++++--- .../internal/logic/updateldapuserpwdlogic.go | 9 +++++--- utils/ldap_lib/auth.go | 22 +++++++++++++++++++ utils/ldap_lib/jwt_parse.go | 10 +++++---- 32 files changed, 143 insertions(+), 78 deletions(-) create mode 100644 utils/ldap_lib/auth.go diff --git a/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go b/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go index 36830cba..aedb3caf 100644 --- a/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go +++ b/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go @@ -15,7 +15,7 @@ func AddLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.HandlerFu return func(w http.ResponseWriter, r *http.Request) { var req types.AddLdapOrganizationMemberReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func AddLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.HandlerFu rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.AddLdapOrganizationMember(&req, userinfo) + resp := l.AddLdapOrganizationMember(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/createldaporganizationhandler.go b/server/ldap-admin/internal/handler/createldaporganizationhandler.go index fcfe86f6..cfe47f9b 100644 --- a/server/ldap-admin/internal/handler/createldaporganizationhandler.go +++ b/server/ldap-admin/internal/handler/createldaporganizationhandler.go @@ -15,7 +15,7 @@ func CreateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.CreateLdapOrganizationReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func CreateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.CreateLdapOrganization(&req, userinfo) + resp := l.CreateLdapOrganization(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go b/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go index ac573e2f..6f03b35e 100644 --- a/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go +++ b/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go @@ -15,7 +15,7 @@ func CreateLdapUserBaseGroupHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.Request - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func CreateLdapUserBaseGroupHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.CreateLdapUserBaseGroup(&req, userinfo) + resp := l.CreateLdapUserBaseGroup(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/createldapuserhandler.go b/server/ldap-admin/internal/handler/createldapuserhandler.go index 9f69d186..0d86a776 100644 --- a/server/ldap-admin/internal/handler/createldapuserhandler.go +++ b/server/ldap-admin/internal/handler/createldapuserhandler.go @@ -15,7 +15,7 @@ func CreateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.CreateLdapUserReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func CreateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.CreateLdapUser(&req, userinfo) + resp := l.CreateLdapUser(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go b/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go index b209a1a6..d4cf87b5 100644 --- a/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go +++ b/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go @@ -15,7 +15,7 @@ func DeleteLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.DeleteLdapOrganizationReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func DeleteLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.DeleteLdapOrganization(&req, userinfo) + resp := l.DeleteLdapOrganization(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/deleteldapuserhandler.go b/server/ldap-admin/internal/handler/deleteldapuserhandler.go index f36b160c..2639d483 100644 --- a/server/ldap-admin/internal/handler/deleteldapuserhandler.go +++ b/server/ldap-admin/internal/handler/deleteldapuserhandler.go @@ -15,7 +15,7 @@ func DeleteLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.DeleteLdapUserReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func DeleteLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.DeleteLdapUser(&req, userinfo) + resp := l.DeleteLdapUser(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go b/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go index 23dbfbdc..471b5cf0 100644 --- a/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go +++ b/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go @@ -15,7 +15,7 @@ func GetLdapOrganizationMembersHandler(svcCtx *svc.ServiceContext) http.HandlerF return func(w http.ResponseWriter, r *http.Request) { var req types.GetLdapOrganizationMembersReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapOrganizationMembersHandler(svcCtx *svc.ServiceContext) http.HandlerF rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapOrganizationMembers(&req, userinfo) + resp := l.GetLdapOrganizationMembers(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldaporganizationshandler.go b/server/ldap-admin/internal/handler/getldaporganizationshandler.go index b98edbd4..55bbc992 100644 --- a/server/ldap-admin/internal/handler/getldaporganizationshandler.go +++ b/server/ldap-admin/internal/handler/getldaporganizationshandler.go @@ -15,7 +15,7 @@ func GetLdapOrganizationsHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.Request - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapOrganizationsHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapOrganizations(&req, userinfo) + resp := l.GetLdapOrganizations(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldapuserinfohandler.go b/server/ldap-admin/internal/handler/getldapuserinfohandler.go index d2e7116b..ac721cc9 100644 --- a/server/ldap-admin/internal/handler/getldapuserinfohandler.go +++ b/server/ldap-admin/internal/handler/getldapuserinfohandler.go @@ -15,7 +15,7 @@ func GetLdapUserInfoHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.GetLdapUserInfoReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapUserInfoHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapUserInfo(&req, userinfo) + resp := l.GetLdapUserInfo(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldapusershandler.go b/server/ldap-admin/internal/handler/getldapusershandler.go index bc255166..6c24ba09 100644 --- a/server/ldap-admin/internal/handler/getldapusershandler.go +++ b/server/ldap-admin/internal/handler/getldapusershandler.go @@ -15,7 +15,7 @@ func GetLdapUsersHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.GetLdapUsersReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapUsersHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapUsers(&req, userinfo) + resp := l.GetLdapUsers(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/ldapuserloginhandler.go b/server/ldap-admin/internal/handler/ldapuserloginhandler.go index e9ee6041..07540e11 100644 --- a/server/ldap-admin/internal/handler/ldapuserloginhandler.go +++ b/server/ldap-admin/internal/handler/ldapuserloginhandler.go @@ -15,7 +15,7 @@ func LdapUserLoginHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.LdapUserLoginReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func LdapUserLoginHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.LdapUserLogin(&req, userinfo) + resp := l.LdapUserLogin(&req) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go b/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go index 43d70aab..29f9d486 100644 --- a/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go +++ b/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go @@ -15,7 +15,7 @@ func RemoveLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.Handle return func(w http.ResponseWriter, r *http.Request) { var req types.RemoveLdapOrganizationMemberReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func RemoveLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.Handle rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.RemoveLdapOrganizationMember(&req, userinfo) + resp := l.RemoveLdapOrganizationMember(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/updateldaporganizationhandler.go b/server/ldap-admin/internal/handler/updateldaporganizationhandler.go index 8a9846a6..f9975fdb 100644 --- a/server/ldap-admin/internal/handler/updateldaporganizationhandler.go +++ b/server/ldap-admin/internal/handler/updateldaporganizationhandler.go @@ -15,7 +15,7 @@ func UpdateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.UpdateLdapOrganizationReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func UpdateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.UpdateLdapOrganization(&req, userinfo) + resp := l.UpdateLdapOrganization(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/updateldapuserhandler.go b/server/ldap-admin/internal/handler/updateldapuserhandler.go index a0e9bc93..bdfa8d5e 100644 --- a/server/ldap-admin/internal/handler/updateldapuserhandler.go +++ b/server/ldap-admin/internal/handler/updateldapuserhandler.go @@ -15,7 +15,7 @@ func UpdateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.UpdateLdapUserReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func UpdateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.UpdateLdapUser(&req, userinfo) + resp := l.UpdateLdapUser(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go b/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go index 9615bbb2..afbfb3a3 100644 --- a/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go +++ b/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go @@ -15,7 +15,7 @@ func UpdateLdapUserPwdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.UpdateLdapUserPwdReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func UpdateLdapUserPwdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.UpdateLdapUserPwd(&req, userinfo) + resp := l.UpdateLdapUserPwd(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go index 8bd329b1..b4ab1baf 100644 --- a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go +++ b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go @@ -1,10 +1,10 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -33,7 +33,11 @@ func NewAddLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.ServiceC // func (l *AddLdapOrganizationMemberLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") req.UserDN = strings.Trim(req.UserDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { @@ -46,7 +50,6 @@ func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.Ad if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) err := ldapServer.AddUserToOrganization(req.OrganizationDN, req.UserDN) if err != nil { logx.Error(err) diff --git a/server/ldap-admin/internal/logic/createldaporganizationlogic.go b/server/ldap-admin/internal/logic/createldaporganizationlogic.go index e7b9e0c7..8c516337 100644 --- a/server/ldap-admin/internal/logic/createldaporganizationlogic.go +++ b/server/ldap-admin/internal/logic/createldaporganizationlogic.go @@ -1,10 +1,10 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/chinese_to_pinyin" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -33,7 +33,11 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont // func (l *CreateLdapOrganizationLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ") req.ParentOrganizationDN = strings.Trim(req.ParentOrganizationDN, " ") req.BusinessCategory = strings.Trim(req.BusinessCategory, " ") @@ -52,7 +56,6 @@ func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLd } //组装organization dn organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) err := ldapServer.Create(organizationDN, map[string][]string{ "objectClass": {"top", "groupOfUniqueNames"}, "cn": {req.OrganizationEnName}, diff --git a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go index 5a0cebf6..45a7337e 100644 --- a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go +++ b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go @@ -1,9 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" + "net/http" "context" @@ -31,8 +31,11 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon // func (l *CreateLdapUserBaseGroupLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, r *http.Request) (resp *basic.Response) { ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{ "objectClass": {"top", "organizationalUnit"}, "ou": {"FusenTeam"}, diff --git a/server/ldap-admin/internal/logic/createldapuserlogic.go b/server/ldap-admin/internal/logic/createldapuserlogic.go index e7c706b3..8d20d238 100644 --- a/server/ldap-admin/internal/logic/createldapuserlogic.go +++ b/server/ldap-admin/internal/logic/createldapuserlogic.go @@ -3,13 +3,13 @@ package logic import ( "fmt" "fusenapi/model/gmodel" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/chinese_to_pinyin" "fusenapi/utils/email" "fusenapi/utils/encryption_decryption" "fusenapi/utils/ldap_lib" "gorm.io/gorm" + "net/http" "strings" "time" @@ -39,7 +39,11 @@ func NewCreateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Cr // func (l *CreateLdapUserLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserName = strings.Trim(req.UserName, " ") req.Mobile = strings.Trim(req.Mobile, " ") req.Email = strings.Trim(req.Email, " ") @@ -56,7 +60,6 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri if !email.IsEmailValid(req.Email) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,邮箱格式不正确") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) //把用户名转pinyin userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName) userDN := fmt.Sprintf("cn=%s,%s", req.Email, l.svcCtx.Config.Ldap.PeopleGroupDN) diff --git a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go index eabd4958..d82d8f34 100644 --- a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go +++ b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go @@ -1,9 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,12 +32,15 @@ func NewDeleteLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont // func (l *DeleteLdapOrganizationLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) if err := ldapServer.Delete(req.OrganizationDN); err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "删除ldap组织失败,"+err.Error()) diff --git a/server/ldap-admin/internal/logic/deleteldapuserlogic.go b/server/ldap-admin/internal/logic/deleteldapuserlogic.go index f121400f..1640eefc 100644 --- a/server/ldap-admin/internal/logic/deleteldapuserlogic.go +++ b/server/ldap-admin/internal/logic/deleteldapuserlogic.go @@ -1,9 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,12 +32,15 @@ func NewDeleteLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *De // func (l *DeleteLdapUserLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserDN = strings.Trim(req.UserDN, " ") if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户DN") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) err := ldapServer.Update(req.UserDN, map[string][]string{ "postalCode": {"0"}, }) diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go index bb41ed3e..47f938c3 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go @@ -2,10 +2,10 @@ package logic import ( "fmt" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" "github.com/go-ldap/ldap/v3" + "net/http" "strings" "context" @@ -34,13 +34,16 @@ func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.Service // func (l *GetLdapOrganizationMembersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } //先获取组织成员 - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) //获取跟用户dn筛选排除该用户 rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",") if len(rootDNSlice) == 0 { diff --git a/server/ldap-admin/internal/logic/getldaporganizationslogic.go b/server/ldap-admin/internal/logic/getldaporganizationslogic.go index 95291aa0..2824326c 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationslogic.go @@ -1,10 +1,10 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" "github.com/go-ldap/ldap/v3" + "net/http" "sort" "strings" @@ -42,13 +42,16 @@ type DNItem struct { Child []*DNItem `json:"child"` } -func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } //从ldap获取组织架构数据 rootCn := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",") if len(rootCn) == 0 { return resp.SetStatusWithMessage(basic.CodeServiceErr, "root用户DN未设置") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) peopleDNSlice := strings.Split(l.svcCtx.Config.Ldap.PeopleGroupDN, ",") if len(peopleDNSlice) <= 1 { return resp.SetStatusWithMessage(basic.CodeServiceErr, "基础用户组的DN未配置") diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go index 41d8704a..d9b3cea2 100644 --- a/server/ldap-admin/internal/logic/getldapuserinfologic.go +++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go @@ -4,10 +4,10 @@ import ( "context" "fusenapi/server/ldap-admin/internal/svc" "fusenapi/server/ldap-admin/internal/types" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/ldap_lib" + "net/http" "strings" "github.com/zeromicro/go-zero/core/logx" @@ -31,7 +31,11 @@ func NewGetLdapUserInfoLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G // func (l *GetLdapUserInfoLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户DN错误") } @@ -39,7 +43,6 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) user, err := ldapServer.GetLdapUserInfo(req.UserDN) if err != nil { logx.Error(err) diff --git a/server/ldap-admin/internal/logic/getldapuserslogic.go b/server/ldap-admin/internal/logic/getldapuserslogic.go index 5e7c2a5d..59291afe 100644 --- a/server/ldap-admin/internal/logic/getldapuserslogic.go +++ b/server/ldap-admin/internal/logic/getldapuserslogic.go @@ -1,9 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,9 +32,12 @@ func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetL // func (l *GetLdapUsersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, userinfo *auth.UserInfo) (resp *basic.Response) { - req.PageCookie = strings.Trim(req.PageCookie, " ") +func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, r *http.Request) (resp *basic.Response) { ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } + req.PageCookie = strings.Trim(req.PageCookie, " ") pageSize := uint32(20) list, cookie, err := ldapServer.GetLdapBaseTeamUserList(pageSize, req.PageCookie) if err != nil { diff --git a/server/ldap-admin/internal/logic/ldapuserloginlogic.go b/server/ldap-admin/internal/logic/ldapuserloginlogic.go index d02647b0..8433f1de 100644 --- a/server/ldap-admin/internal/logic/ldapuserloginlogic.go +++ b/server/ldap-admin/internal/logic/ldapuserloginlogic.go @@ -2,7 +2,6 @@ package logic import ( "fmt" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/encryption_decryption" @@ -35,7 +34,7 @@ func NewLdapUserLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Lda // func (l *LdapUserLoginLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *LdapUserLoginLogic) LdapUserLogin(req *types.LdapUserLoginReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *LdapUserLoginLogic) LdapUserLogin(req *types.LdapUserLoginReq) (resp *basic.Response) { req.Email = strings.Trim(req.Email, " ") req.Password = strings.Trim(req.Password, " ") if !email.IsEmailValid(req.Email) { @@ -66,7 +65,7 @@ func (l *LdapUserLoginLogic) LdapUserLogin(req *types.LdapUserLoginReq, userinfo return resp.SetStatusWithMessage(basic.CodeServiceErr, "密码错误!") } //生成token - token, err := ldapServer.GenJwtToken(ldapUserInfo.UserId, l.svcCtx.Config.Auth.AccessExpire, ldapUserInfo.UserDN, ldapUserInfo.Password) + token, err := ldapServer.GenJwtToken(ldapUserInfo.UserId, l.svcCtx.Config.Auth.AccessExpire, ldapUserInfo.UserDN, l.svcCtx.Config.Auth.AccessSecret) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "生成登录凭证失败") diff --git a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go index a2c42ad5..e59978cb 100644 --- a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go +++ b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go @@ -1,10 +1,10 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -33,7 +33,11 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi // func (l *RemoveLdapOrganizationMemberLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") req.UserDN = strings.Trim(req.UserDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { @@ -46,7 +50,6 @@ func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *ty if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) err := ldapServer.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN) if err != nil { logx.Error(err) diff --git a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go index 8f8b22de..abba0495 100644 --- a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go +++ b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go @@ -1,9 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,7 +32,11 @@ func NewUpdateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont // func (l *UpdateLdapOrganizationLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") if req.OrganizationDN == "" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,组织DN不能为空") @@ -40,7 +44,6 @@ func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLd if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) if err := ldapServer.Update(req.OrganizationDN, map[string][]string{ "businessCategory": {req.BusinessCategory}, }); err != nil { diff --git a/server/ldap-admin/internal/logic/updateldapuserlogic.go b/server/ldap-admin/internal/logic/updateldapuserlogic.go index a654eda8..269d1fb6 100644 --- a/server/ldap-admin/internal/logic/updateldapuserlogic.go +++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go @@ -3,11 +3,11 @@ package logic import ( "fmt" "fusenapi/model/gmodel" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/chinese_to_pinyin" "fusenapi/utils/email" "fusenapi/utils/ldap_lib" + "net/http" "strings" "time" @@ -37,7 +37,11 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up // func (l *UpdateLdapUserLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserDN = strings.Trim(req.UserDN, " ") req.Mobile = strings.Trim(req.Mobile, " ") req.Avatar = strings.Trim(req.Avatar, " ") @@ -54,7 +58,6 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri } //把用户名转pinyin userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName) - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) now := time.Now() //更新的属性 attr := map[string][]string{ diff --git a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go index 891cb4f1..983256a0 100644 --- a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go +++ b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go @@ -1,11 +1,11 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/encryption_decryption" "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -34,7 +34,11 @@ func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext) // func (l *UpdateLdapUserPwdLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) { + ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserDN = strings.Trim(req.UserDN, " ") req.NewPassword = strings.Trim(req.NewPassword, " ") req.OldPassword = strings.Trim(req.OldPassword, " ") @@ -48,7 +52,6 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) //查询个人信息 user, err := ldapServer.GetLdapUserInfo(req.UserDN) if err != nil { diff --git a/utils/ldap_lib/auth.go b/utils/ldap_lib/auth.go new file mode 100644 index 00000000..fe550433 --- /dev/null +++ b/utils/ldap_lib/auth.go @@ -0,0 +1,22 @@ +package ldap_lib + +import "github.com/zeromicro/go-zero/core/logx" + +// 验证权限 +func (l *Ldap) VerifyAuthority(token, jwtSecret string) bool { + info, err := l.ParseJwtToken(token, jwtSecret) + if err != nil { + logx.Error("解析token失败", err, "----token:", token) + return false + } + //查询ldap + userInfo, err := l.GetLdapUserInfo(info.UserDN) + if err != nil { + logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN) + } + if userInfo.Status != 1 { + return false + } + // TODO 查询权限组相关信息 + return true +} diff --git a/utils/ldap_lib/jwt_parse.go b/utils/ldap_lib/jwt_parse.go index 6dcaa432..0360e1c3 100644 --- a/utils/ldap_lib/jwt_parse.go +++ b/utils/ldap_lib/jwt_parse.go @@ -13,14 +13,14 @@ type UserInfo struct { } // 生成token -func (l *Ldap) GenJwtToken(userId, expireTime int64, userDN, password string) (token string, err error) { +func (l *Ldap) GenJwtToken(userId, expireTime int64, userDN, secret string) (token string, err error) { t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ "user_dn": userDN, "user_id": userId, "exp": time.Now().Add(time.Second * time.Duration(expireTime)).Unix(), //过期时间 "iss": "fusen", }) - token, err = t.SignedString([]byte(password)) + token, err = t.SignedString([]byte(secret)) if err != nil { return "", err } @@ -28,13 +28,13 @@ func (l *Ldap) GenJwtToken(userId, expireTime int64, userDN, password string) (t } // 解释token -func (l *Ldap) ParseJwtToken(token, password string) (UserInfo, error) { +func (l *Ldap) ParseJwtToken(token, secret string) (UserInfo, error) { if len(token) <= 7 || token[:7] != "Bearer " { return UserInfo{}, errors.New("无效的token") } token = token[7:] t, err := jwt.ParseWithClaims(token, jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) { - return []byte(password), nil + return []byte(secret), nil }) if err != nil { return UserInfo{}, err @@ -49,3 +49,5 @@ func (l *Ldap) ParseJwtToken(token, password string) (UserInfo, error) { } return userInfo, nil } + +//