diff --git a/model/gmodel/ldap_user_logic.go b/model/gmodel/ldap_user_logic.go index 422460ca..f99b2b48 100644 --- a/model/gmodel/ldap_user_logic.go +++ b/model/gmodel/ldap_user_logic.go @@ -6,3 +6,18 @@ import "context" func (u *LdapUserModel) Create(ctx context.Context, data *LdapUser) error { return u.db.WithContext(ctx).Model(&LdapUser{}).Create(&data).Error } +func (u *LdapUserModel) Update(ctx context.Context, userDN string, data *LdapUser) error { + return u.db.WithContext(ctx).Model(&LdapUser{}).Where("user_dn = ?", userDN).Updates(&data).Error +} + +func (u *LdapUserModel) Delete(ctx context.Context, id int64) error { + return u.db.WithContext(ctx).Model(&LdapUser{}).Where("id = ?", id).Delete(&LdapUser{}).Error +} + +func (u *LdapUserModel) GetAllByIds(ctx context.Context, ids []int64) (resp []LdapUser, err error) { + if len(ids) == 0 { + return + } + err = u.db.WithContext(ctx).Model(&LdapUser{}).Where("id in (?)", ids).Find(&resp).Error + return resp, err +} diff --git a/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go b/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go index 36830cba..aedb3caf 100644 --- a/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go +++ b/server/ldap-admin/internal/handler/addldaporganizationmemberhandler.go @@ -15,7 +15,7 @@ func AddLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.HandlerFu return func(w http.ResponseWriter, r *http.Request) { var req types.AddLdapOrganizationMemberReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func AddLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.HandlerFu rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.AddLdapOrganizationMember(&req, userinfo) + resp := l.AddLdapOrganizationMember(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/createldaporganizationhandler.go b/server/ldap-admin/internal/handler/createldaporganizationhandler.go index fcfe86f6..cfe47f9b 100644 --- a/server/ldap-admin/internal/handler/createldaporganizationhandler.go +++ b/server/ldap-admin/internal/handler/createldaporganizationhandler.go @@ -15,7 +15,7 @@ func CreateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.CreateLdapOrganizationReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func CreateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.CreateLdapOrganization(&req, userinfo) + resp := l.CreateLdapOrganization(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go b/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go index ac573e2f..6f03b35e 100644 --- a/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go +++ b/server/ldap-admin/internal/handler/createldapuserbasegrouphandler.go @@ -15,7 +15,7 @@ func CreateLdapUserBaseGroupHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.Request - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func CreateLdapUserBaseGroupHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.CreateLdapUserBaseGroup(&req, userinfo) + resp := l.CreateLdapUserBaseGroup(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/createldapuserhandler.go b/server/ldap-admin/internal/handler/createldapuserhandler.go index 9f69d186..0d86a776 100644 --- a/server/ldap-admin/internal/handler/createldapuserhandler.go +++ b/server/ldap-admin/internal/handler/createldapuserhandler.go @@ -15,7 +15,7 @@ func CreateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.CreateLdapUserReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func CreateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.CreateLdapUser(&req, userinfo) + resp := l.CreateLdapUser(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go b/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go index b209a1a6..d4cf87b5 100644 --- a/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go +++ b/server/ldap-admin/internal/handler/deleteldaporganizationhandler.go @@ -15,7 +15,7 @@ func DeleteLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.DeleteLdapOrganizationReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func DeleteLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.DeleteLdapOrganization(&req, userinfo) + resp := l.DeleteLdapOrganization(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/deleteldapuserhandler.go b/server/ldap-admin/internal/handler/deleteldapuserhandler.go index f36b160c..2639d483 100644 --- a/server/ldap-admin/internal/handler/deleteldapuserhandler.go +++ b/server/ldap-admin/internal/handler/deleteldapuserhandler.go @@ -15,7 +15,7 @@ func DeleteLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.DeleteLdapUserReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func DeleteLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.DeleteLdapUser(&req, userinfo) + resp := l.DeleteLdapUser(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go b/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go index 23dbfbdc..471b5cf0 100644 --- a/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go +++ b/server/ldap-admin/internal/handler/getldaporganizationmembershandler.go @@ -15,7 +15,7 @@ func GetLdapOrganizationMembersHandler(svcCtx *svc.ServiceContext) http.HandlerF return func(w http.ResponseWriter, r *http.Request) { var req types.GetLdapOrganizationMembersReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapOrganizationMembersHandler(svcCtx *svc.ServiceContext) http.HandlerF rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapOrganizationMembers(&req, userinfo) + resp := l.GetLdapOrganizationMembers(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldaporganizationshandler.go b/server/ldap-admin/internal/handler/getldaporganizationshandler.go index b98edbd4..55bbc992 100644 --- a/server/ldap-admin/internal/handler/getldaporganizationshandler.go +++ b/server/ldap-admin/internal/handler/getldaporganizationshandler.go @@ -15,7 +15,7 @@ func GetLdapOrganizationsHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.Request - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapOrganizationsHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapOrganizations(&req, userinfo) + resp := l.GetLdapOrganizations(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldapuserinfohandler.go b/server/ldap-admin/internal/handler/getldapuserinfohandler.go index d2e7116b..ac721cc9 100644 --- a/server/ldap-admin/internal/handler/getldapuserinfohandler.go +++ b/server/ldap-admin/internal/handler/getldapuserinfohandler.go @@ -15,7 +15,7 @@ func GetLdapUserInfoHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.GetLdapUserInfoReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapUserInfoHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapUserInfo(&req, userinfo) + resp := l.GetLdapUserInfo(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/getldapusershandler.go b/server/ldap-admin/internal/handler/getldapusershandler.go index bc255166..6c24ba09 100644 --- a/server/ldap-admin/internal/handler/getldapusershandler.go +++ b/server/ldap-admin/internal/handler/getldapusershandler.go @@ -15,7 +15,7 @@ func GetLdapUsersHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.GetLdapUsersReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func GetLdapUsersHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.GetLdapUsers(&req, userinfo) + resp := l.GetLdapUsers(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/ldapuserloginhandler.go b/server/ldap-admin/internal/handler/ldapuserloginhandler.go new file mode 100644 index 00000000..07540e11 --- /dev/null +++ b/server/ldap-admin/internal/handler/ldapuserloginhandler.go @@ -0,0 +1,35 @@ +package handler + +import ( + "net/http" + "reflect" + + "fusenapi/utils/basic" + + "fusenapi/server/ldap-admin/internal/logic" + "fusenapi/server/ldap-admin/internal/svc" + "fusenapi/server/ldap-admin/internal/types" +) + +func LdapUserLoginHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + var req types.LdapUserLoginReq + _, err := basic.RequestParse(w, r, svcCtx, &req) + if err != nil { + return + } + + // 创建一个业务逻辑层实例 + l := logic.NewLdapUserLoginLogic(r.Context(), svcCtx) + + rl := reflect.ValueOf(l) + basic.BeforeLogic(w, r, rl) + + resp := l.LdapUserLogin(&req) + + if !basic.AfterLogic(w, r, rl, resp) { + basic.NormalAfterLogic(w, r, resp) + } + } +} diff --git a/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go b/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go index 43d70aab..29f9d486 100644 --- a/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go +++ b/server/ldap-admin/internal/handler/removeldaporganizationmemberhandler.go @@ -15,7 +15,7 @@ func RemoveLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.Handle return func(w http.ResponseWriter, r *http.Request) { var req types.RemoveLdapOrganizationMemberReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func RemoveLdapOrganizationMemberHandler(svcCtx *svc.ServiceContext) http.Handle rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.RemoveLdapOrganizationMember(&req, userinfo) + resp := l.RemoveLdapOrganizationMember(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/routes.go b/server/ldap-admin/internal/handler/routes.go index c6e92528..3a4d4898 100644 --- a/server/ldap-admin/internal/handler/routes.go +++ b/server/ldap-admin/internal/handler/routes.go @@ -147,6 +147,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) { Path: "/api/ldap-admin/get_ldap_users", Handler: GetLdapUsersHandler(serverCtx), }, + { + Method: http.MethodPost, + Path: "/api/ldap-admin/ldap_user_login", + Handler: LdapUserLoginHandler(serverCtx), + }, }, ) } diff --git a/server/ldap-admin/internal/handler/updateldaporganizationhandler.go b/server/ldap-admin/internal/handler/updateldaporganizationhandler.go index 8a9846a6..f9975fdb 100644 --- a/server/ldap-admin/internal/handler/updateldaporganizationhandler.go +++ b/server/ldap-admin/internal/handler/updateldaporganizationhandler.go @@ -15,7 +15,7 @@ func UpdateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc return func(w http.ResponseWriter, r *http.Request) { var req types.UpdateLdapOrganizationReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func UpdateLdapOrganizationHandler(svcCtx *svc.ServiceContext) http.HandlerFunc rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.UpdateLdapOrganization(&req, userinfo) + resp := l.UpdateLdapOrganization(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/updateldapuserhandler.go b/server/ldap-admin/internal/handler/updateldapuserhandler.go index a0e9bc93..bdfa8d5e 100644 --- a/server/ldap-admin/internal/handler/updateldapuserhandler.go +++ b/server/ldap-admin/internal/handler/updateldapuserhandler.go @@ -15,7 +15,7 @@ func UpdateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.UpdateLdapUserReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func UpdateLdapUserHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.UpdateLdapUser(&req, userinfo) + resp := l.UpdateLdapUser(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go b/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go index 9615bbb2..afbfb3a3 100644 --- a/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go +++ b/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go @@ -15,7 +15,7 @@ func UpdateLdapUserPwdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { var req types.UpdateLdapUserPwdReq - userinfo, err := basic.RequestParse(w, r, svcCtx, &req) + _, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return } @@ -26,7 +26,7 @@ func UpdateLdapUserPwdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { rl := reflect.ValueOf(l) basic.BeforeLogic(w, r, rl) - resp := l.UpdateLdapUserPwd(&req, userinfo) + resp := l.UpdateLdapUserPwd(&req, r) if !basic.AfterLogic(w, r, rl, resp) { basic.NormalAfterLogic(w, r, resp) diff --git a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go index 8bd329b1..3c59479e 100644 --- a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go +++ b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go @@ -1,10 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -33,7 +32,11 @@ func NewAddLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.ServiceC // func (l *AddLdapOrganizationMemberLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") req.UserDN = strings.Trim(req.UserDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { @@ -46,8 +49,7 @@ func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.Ad if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - err := ldapServer.AddUserToOrganization(req.OrganizationDN, req.UserDN) + err := l.svcCtx.Ldap.AddUserToOrganization(req.OrganizationDN, req.UserDN) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加成员失败,"+err.Error()) diff --git a/server/ldap-admin/internal/logic/createldaporganizationlogic.go b/server/ldap-admin/internal/logic/createldaporganizationlogic.go index e7b9e0c7..cd72b116 100644 --- a/server/ldap-admin/internal/logic/createldaporganizationlogic.go +++ b/server/ldap-admin/internal/logic/createldaporganizationlogic.go @@ -1,10 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/chinese_to_pinyin" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -33,7 +32,11 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont // func (l *CreateLdapOrganizationLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ") req.ParentOrganizationDN = strings.Trim(req.ParentOrganizationDN, " ") req.BusinessCategory = strings.Trim(req.BusinessCategory, " ") @@ -52,8 +55,7 @@ func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLd } //组装organization dn organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - err := ldapServer.Create(organizationDN, map[string][]string{ + err := l.svcCtx.Ldap.Create(organizationDN, map[string][]string{ "objectClass": {"top", "groupOfUniqueNames"}, "cn": {req.OrganizationEnName}, "ou": {req.OrganizationEnName}, diff --git a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go index 5a0cebf6..ce6d27c1 100644 --- a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go +++ b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go @@ -1,9 +1,8 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" + "net/http" "context" @@ -31,9 +30,12 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon // func (l *CreateLdapUserBaseGroupLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) { - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{ +func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } + err := l.svcCtx.Ldap.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{ "objectClass": {"top", "organizationalUnit"}, "ou": {"FusenTeam"}, "businessCategory": {"FUSEN团队"}, diff --git a/server/ldap-admin/internal/logic/createldapuserlogic.go b/server/ldap-admin/internal/logic/createldapuserlogic.go index 3134f5c8..69174a29 100644 --- a/server/ldap-admin/internal/logic/createldapuserlogic.go +++ b/server/ldap-admin/internal/logic/createldapuserlogic.go @@ -3,13 +3,14 @@ package logic import ( "fmt" "fusenapi/model/gmodel" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/chinese_to_pinyin" "fusenapi/utils/email" "fusenapi/utils/encryption_decryption" - "fusenapi/utils/ldap_lib" + "gorm.io/gorm" + "net/http" "strings" + "time" "context" @@ -37,7 +38,11 @@ func NewCreateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Cr // func (l *CreateLdapUserLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserName = strings.Trim(req.UserName, " ") req.Mobile = strings.Trim(req.Mobile, " ") req.Email = strings.Trim(req.Email, " ") @@ -54,43 +59,47 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri if !email.IsEmailValid(req.Email) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,邮箱格式不正确") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) //把用户名转pinyin userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName) - //新增一条记录获取递增用户id - userData := &gmodel.LdapUser{} - if err := l.svcCtx.AllModels.LdapUser.Create(l.ctx, userData); err != nil { - logx.Error(err) - return resp.SetStatusWithMessage(basic.CodeDbSqlErr, "获取自增用户id失败") - } userDN := fmt.Sprintf("cn=%s,%s", req.Email, l.svcCtx.Config.Ldap.PeopleGroupDN) - pwd, err := encryption_decryption.CBCEncrypt(req.Password) + //新增一条记录获取递增用户id + now := time.Now().UTC() + err := l.svcCtx.MysqlConn.Transaction(func(tx *gorm.DB) error { + userData := &gmodel.LdapUser{ + UserDn: &userDN, + Ctime: &now, + Utime: &now, + } + if err := tx.WithContext(l.ctx).Model(&gmodel.LdapUser{}).Create(userData).Error; err != nil { + return err + } + pwd, err := encryption_decryption.CBCEncrypt(req.Password) + if err != nil { + return err + } + return l.svcCtx.Ldap.Create(userDN, map[string][]string{ + "objectClass": {"person", "organizationalPerson", "inetOrgPerson", "posixAccount", "top", "shadowAccount"}, //固有属性 + "shadowLastChange": {"19676"}, //固有属性 + "shadowMin": {"0"}, //固有属性 + "shadowMax": {"99999"}, //固有属性 + "shadowWarning": {"7"}, //固有属性 + "loginShell": {"/usr/sbin/nologin"}, //固有属性 + "homeDirectory": {"/home/users/" + userNamePinyin}, + "employeeType": {fmt.Sprintf("%d", req.EmployeeType)}, //员工类型:1正式 2实习 3外包 + "uidNumber": {fmt.Sprintf("%d", userData.Id)}, //用户id + "gidNumber": {fmt.Sprintf("%d", userData.Id)}, //用户id + "uid": {userNamePinyin}, //用户名(拼音) + "cn": {req.Email}, //邮箱 + "sn": {req.UserName}, //用户名 + "mail": {req.Email}, //邮箱 + "postalCode": {fmt.Sprintf("%d", req.Status)}, //状态 + "departmentNumber": {fmt.Sprintf("%d", req.GroupId)}, //权限分组id + "postalAddress": {req.Avatar}, //头像 + "mobile": {req.Mobile}, //手机号 + "userPassword": {"{crypt}" + pwd}, //密码 + }) + }) if err != nil { - logx.Error(err) - return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败") - } - if err := ldapServer.Create(userDN, map[string][]string{ - "objectClass": {"person", "organizationalPerson", "inetOrgPerson", "posixAccount", "top", "shadowAccount"}, //固有属性 - "shadowLastChange": {"19676"}, //固有属性 - "shadowMin": {"0"}, //固有属性 - "shadowMax": {"99999"}, //固有属性 - "shadowWarning": {"7"}, //固有属性 - "loginShell": {"/usr/sbin/nologin"}, //固有属性 - "homeDirectory": {"/home/users/" + userNamePinyin}, - "employeeType": {fmt.Sprintf("%d", req.EmployeeType)}, //员工类型:1正式 2实习 3外包 - "uidNumber": {fmt.Sprintf("%d", userData.Id)}, //用户id - "gidNumber": {fmt.Sprintf("%d", userData.Id)}, //用户id - "uid": {userNamePinyin}, //用户名(拼音) - "cn": {req.Email}, //邮箱 - "sn": {req.UserName}, //用户名 - "mail": {req.Email}, //邮箱 - "postalCode": {fmt.Sprintf("%d", req.Status)}, //状态 - "departmentNumber": {fmt.Sprintf("%d", req.GroupId)}, //权限分组id - "postalAddress": {req.Avatar}, //头像 - "mobile": {req.Mobile}, //手机号 - "userPassword": {"{crypt}" + pwd}, //密码 - }); err != nil { - logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加用户失败,"+err.Error()) } return resp.SetStatusWithMessage(basic.CodeOK, "添加用户成功") diff --git a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go index eabd4958..05785cad 100644 --- a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go +++ b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go @@ -1,9 +1,8 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,13 +31,16 @@ func NewDeleteLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont // func (l *DeleteLdapOrganizationLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - if err := ldapServer.Delete(req.OrganizationDN); err != nil { + if err := l.svcCtx.Ldap.Delete(req.OrganizationDN); err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "删除ldap组织失败,"+err.Error()) } diff --git a/server/ldap-admin/internal/logic/deleteldapuserlogic.go b/server/ldap-admin/internal/logic/deleteldapuserlogic.go index f121400f..0d9a379f 100644 --- a/server/ldap-admin/internal/logic/deleteldapuserlogic.go +++ b/server/ldap-admin/internal/logic/deleteldapuserlogic.go @@ -1,9 +1,8 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,13 +31,16 @@ func NewDeleteLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *De // func (l *DeleteLdapUserLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserDN = strings.Trim(req.UserDN, " ") if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户DN") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - err := ldapServer.Update(req.UserDN, map[string][]string{ + err := l.svcCtx.Ldap.Update(req.UserDN, map[string][]string{ "postalCode": {"0"}, }) if err != nil { diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go index e2db366d..874228b3 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go @@ -2,10 +2,9 @@ package logic import ( "fmt" - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" "github.com/go-ldap/ldap/v3" + "net/http" "strings" "context" @@ -34,13 +33,16 @@ func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.Service // func (l *GetLdapOrganizationMembersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } //先获取组织成员 - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) //获取跟用户dn筛选排除该用户 rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",") if len(rootDNSlice) == 0 { @@ -49,7 +51,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. rootCn := rootDNSlice[0] filter := "(&(objectClass=groupOfUniqueNames)(!(" + rootCn + ")))" fields := []string{"uniqueMember"} //只是查询成员 - result, err := ldapServer.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil) + result, err := l.svcCtx.Ldap.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap组织成员错误,"+err.Error()) @@ -74,7 +76,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. } //解析dn成每个小的单元 cellList := strings.Split(memberDn, ",") //取cn邮箱 - filterBuilder.WriteString(fmt.Sprintf("(&%s)", "("+cellList[0]+")")) + filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0])) } break } @@ -83,13 +85,20 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. //从新赋值filter filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))" //从用户基本组中找到员工 - userList, err := ldapServer.GetLdapBaseTeamUsersByParams(filter) + userList, err := l.svcCtx.Ldap.GetLdapBaseTeamUsersByParams(filter) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error()) } list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount) for _, user := range userList { + if user.Status != 1 { + //从部门member中移出 + if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, user.UserDN); err != nil { + logx.Error("移除用户成员失败:", err) + } + continue + } list = append(list, types.GetLdapOrganizationMembersItem{ UserId: user.UserId, UserDN: user.UserDN, @@ -99,8 +108,6 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types. Avatar: user.Avatar, EmployeeType: user.EmployeeType, Status: user.Status, - //CreateTime: user.CreateTime.Format("2006-01-02 15:04:05"), - //UpdateTime: user.UpdateTime.Format("2006-01-02 15:04:05"), }) } return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ diff --git a/server/ldap-admin/internal/logic/getldaporganizationslogic.go b/server/ldap-admin/internal/logic/getldaporganizationslogic.go index 95291aa0..a97fe93d 100644 --- a/server/ldap-admin/internal/logic/getldaporganizationslogic.go +++ b/server/ldap-admin/internal/logic/getldaporganizationslogic.go @@ -1,10 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" "github.com/go-ldap/ldap/v3" + "net/http" "sort" "strings" @@ -42,20 +41,23 @@ type DNItem struct { Child []*DNItem `json:"child"` } -func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } //从ldap获取组织架构数据 rootCn := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",") if len(rootCn) == 0 { return resp.SetStatusWithMessage(basic.CodeServiceErr, "root用户DN未设置") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) peopleDNSlice := strings.Split(l.svcCtx.Config.Ldap.PeopleGroupDN, ",") if len(peopleDNSlice) <= 1 { return resp.SetStatusWithMessage(basic.CodeServiceErr, "基础用户组的DN未配置") } filter := "(|(&(objectClass=groupOfUniqueNames)(objectClass=top))(objectClass=organization))" fields := []string{"businessCategory", "dn", "uniqueMember"} - searchResult, err := ldapServer.Search(l.svcCtx.Config.Ldap.BaseDN, ldap.ScopeWholeSubtree, filter, fields, nil) + searchResult, err := l.svcCtx.Ldap.Search(l.svcCtx.Config.Ldap.BaseDN, ldap.ScopeWholeSubtree, filter, fields, nil) if err != nil { return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询失败:"+err.Error()) } diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go index d8b396fe..e2212827 100644 --- a/server/ldap-admin/internal/logic/getldapuserinfologic.go +++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go @@ -4,10 +4,9 @@ import ( "context" "fusenapi/server/ldap-admin/internal/svc" "fusenapi/server/ldap-admin/internal/types" - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "github.com/zeromicro/go-zero/core/logx" @@ -31,7 +30,11 @@ func NewGetLdapUserInfoLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G // func (l *GetLdapUserInfoLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户DN错误") } @@ -39,8 +42,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - user, err := ldapServer.GetLdapUserInfo(req.UserDN) + user, err := l.svcCtx.Ldap.GetLdapUserInfo(req.UserDN) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error()) @@ -54,8 +56,6 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us Avatar: user.Avatar, Status: user.Status, EmployeeTpye: user.EmployeeType, - //CreateTime: user.CreateTime.Format("2006-01-02 15:04:05"), - //UpdateTime: user.UpdateTime.Format("2006-01-02 15:04:05"), }) } diff --git a/server/ldap-admin/internal/logic/getldapuserslogic.go b/server/ldap-admin/internal/logic/getldapuserslogic.go index 68941660..93119f7d 100644 --- a/server/ldap-admin/internal/logic/getldapuserslogic.go +++ b/server/ldap-admin/internal/logic/getldapuserslogic.go @@ -1,9 +1,8 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,11 +31,14 @@ func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetL // func (l *GetLdapUsersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.PageCookie = strings.Trim(req.PageCookie, " ") - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) pageSize := uint32(20) - list, cookie, err := ldapServer.GetLdapBaseTeamUserList(pageSize, req.PageCookie) + list, cookie, err := l.svcCtx.Ldap.GetLdapBaseTeamUserList(pageSize, req.PageCookie) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询用户列表报错,"+err.Error()) @@ -52,8 +54,6 @@ func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, userinfo *a Avatar: v.Avatar, EmployeeType: v.EmployeeType, Status: v.Status, - //CreateTime: v.CreateTime.Format("2006-01-02 15:04:05"), - //UpdateTime: v.UpdateTime.Format("2006-01-02 15:04:05"), }) } return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapUsersRsp{ diff --git a/server/ldap-admin/internal/logic/ldapuserloginlogic.go b/server/ldap-admin/internal/logic/ldapuserloginlogic.go new file mode 100644 index 00000000..750e23ce --- /dev/null +++ b/server/ldap-admin/internal/logic/ldapuserloginlogic.go @@ -0,0 +1,80 @@ +package logic + +import ( + "fmt" + "fusenapi/utils/basic" + "fusenapi/utils/email" + "fusenapi/utils/encryption_decryption" + "strings" + + "context" + + "fusenapi/server/ldap-admin/internal/svc" + "fusenapi/server/ldap-admin/internal/types" + + "github.com/zeromicro/go-zero/core/logx" +) + +type LdapUserLoginLogic struct { + logx.Logger + ctx context.Context + svcCtx *svc.ServiceContext +} + +func NewLdapUserLoginLogic(ctx context.Context, svcCtx *svc.ServiceContext) *LdapUserLoginLogic { + return &LdapUserLoginLogic{ + Logger: logx.WithContext(ctx), + ctx: ctx, + svcCtx: svcCtx, + } +} + +// 处理进入前逻辑w,r +// func (l *LdapUserLoginLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { +// } + +func (l *LdapUserLoginLogic) LdapUserLogin(req *types.LdapUserLoginReq) (resp *basic.Response) { + req.Email = strings.Trim(req.Email, " ") + req.Password = strings.Trim(req.Password, " ") + if !email.IsEmailValid(req.Email) { + return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "邮箱格式不正确") + } + userDN := fmt.Sprintf("cn=%s,%s", req.Email, l.svcCtx.Config.Ldap.PeopleGroupDN) + //查询dn + + ldapUserInfo, err := l.svcCtx.Ldap.GetLdapUserInfo(userDN) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "获取用户信息失败,"+err.Error()) + } + if ldapUserInfo.Status != 1 { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限登录") + } + if len(ldapUserInfo.Password) <= 7 { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "该帐号密码异常") + } + //解密密码 + ldapPwd, err := encryption_decryption.CBCDecrypt(ldapUserInfo.Password[7:]) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "验证密码出错了!") + } + //比较密码 + if ldapPwd != req.Password { + return resp.SetStatusWithMessage(basic.CodeServiceErr, "密码错误!") + } + //生成token + token, err := l.svcCtx.Ldap.GenJwtToken(ldapUserInfo.UserId, l.svcCtx.Config.Auth.AccessExpire, ldapUserInfo.UserDN, l.svcCtx.Config.Auth.AccessSecret) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, "生成登录凭证失败") + } + return resp.SetStatusWithMessage(basic.CodeOK, "success", types.LdapUserLoginRsp{ + Token: token, + }) +} + +// 处理逻辑后 w,r 如:重定向, resp 必须重新处理 +// func (l *LdapUserLoginLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) { +// // httpx.OkJsonCtx(r.Context(), w, resp) +// } diff --git a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go index a2c42ad5..074fbc3b 100644 --- a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go +++ b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go @@ -1,10 +1,9 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -33,7 +32,11 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi // func (l *RemoveLdapOrganizationMemberLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") req.UserDN = strings.Trim(req.UserDN, " ") if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { @@ -46,8 +49,7 @@ func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *ty if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - err := ldapServer.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN) + err := l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "移除成员失败,"+err.Error()) diff --git a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go index 8f8b22de..5f0e91b5 100644 --- a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go +++ b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go @@ -1,9 +1,8 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -32,7 +31,11 @@ func NewUpdateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont // func (l *UpdateLdapOrganizationLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.OrganizationDN = strings.Trim(req.OrganizationDN, " ") if req.OrganizationDN == "" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,组织DN不能为空") @@ -40,8 +43,7 @@ func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLd if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) - if err := ldapServer.Update(req.OrganizationDN, map[string][]string{ + if err := l.svcCtx.Ldap.Update(req.OrganizationDN, map[string][]string{ "businessCategory": {req.BusinessCategory}, }); err != nil { logx.Error(err) diff --git a/server/ldap-admin/internal/logic/updateldapuserlogic.go b/server/ldap-admin/internal/logic/updateldapuserlogic.go index 3f2390c9..3d058a1a 100644 --- a/server/ldap-admin/internal/logic/updateldapuserlogic.go +++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go @@ -2,12 +2,13 @@ package logic import ( "fmt" - "fusenapi/utils/auth" + "fusenapi/model/gmodel" "fusenapi/utils/basic" "fusenapi/utils/chinese_to_pinyin" "fusenapi/utils/email" - "fusenapi/utils/ldap_lib" + "net/http" "strings" + "time" "context" @@ -35,7 +36,11 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up // func (l *UpdateLdapUserLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserDN = strings.Trim(req.UserDN, " ") req.Mobile = strings.Trim(req.Mobile, " ") req.Avatar = strings.Trim(req.Avatar, " ") @@ -52,7 +57,7 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri } //把用户名转pinyin userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName) - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) + now := time.Now() //更新的属性 attr := map[string][]string{ "homeDirectory": {"/home/users/" + userNamePinyin}, @@ -64,11 +69,17 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri "postalCode": {fmt.Sprintf("%d", req.Status)}, "employeeType": {fmt.Sprintf("%d", req.EmployeeType)}, } - err := ldapServer.Update(req.UserDN, attr) + err := l.svcCtx.Ldap.Update(req.UserDN, attr) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "更新用户失败,"+err.Error()) } + err = l.svcCtx.AllModels.LdapUser.Update(l.ctx, req.UserDN, &gmodel.LdapUser{ + Utime: &now, + }) + if err != nil { + logx.Error(err) + } return resp.SetStatusWithMessage(basic.CodeOK, "更新用户成功") } diff --git a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go index 891cb4f1..3f4b15d5 100644 --- a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go +++ b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go @@ -1,11 +1,10 @@ package logic import ( - "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/encryption_decryption" - "fusenapi/utils/ldap_lib" + "net/http" "strings" "context" @@ -34,7 +33,11 @@ func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext) // func (l *UpdateLdapUserPwdLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) { + + if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { + return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") + } req.UserDN = strings.Trim(req.UserDN, " ") req.NewPassword = strings.Trim(req.NewPassword, " ") req.OldPassword = strings.Trim(req.OldPassword, " ") @@ -48,9 +51,8 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } - ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) //查询个人信息 - user, err := ldapServer.GetLdapUserInfo(req.UserDN) + user, err := l.svcCtx.Ldap.GetLdapUserInfo(req.UserDN) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error()) @@ -73,7 +75,7 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败") } - err = ldapServer.Update(req.UserDN, map[string][]string{ + err = l.svcCtx.Ldap.Update(req.UserDN, map[string][]string{ "userPassword": {"{crypt}" + newPwd}, }) if err != nil { diff --git a/server/ldap-admin/internal/svc/servicecontext.go b/server/ldap-admin/internal/svc/servicecontext.go index 384be7f6..064d9e5c 100644 --- a/server/ldap-admin/internal/svc/servicecontext.go +++ b/server/ldap-admin/internal/svc/servicecontext.go @@ -4,7 +4,7 @@ import ( "fusenapi/initalize" "fusenapi/model/gmodel" "fusenapi/server/ldap-admin/internal/config" - "github.com/go-ldap/ldap/v3" + "fusenapi/utils/ldap_lib" "gorm.io/gorm" ) @@ -13,17 +13,17 @@ type ServiceContext struct { MysqlConn *gorm.DB AllModels *gmodel.AllModelsGen RabbitMq *initalize.RabbitMqHandle - Ldap *ldap.Conn + Ldap *ldap_lib.Ldap } func NewServiceContext(c config.Config) *ServiceContext { conn := initalize.InitMysql(c.SourceMysql) - + ldapConn := initalize.InitLdap(c.Ldap.Host, c.Ldap.BindDN, c.Ldap.Password) return &ServiceContext{ Config: c, MysqlConn: conn, AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)), RabbitMq: initalize.InitRabbitMq(c.SourceRabbitMq, nil), - Ldap: initalize.InitLdap(c.Ldap.Host, c.Ldap.BindDN, c.Ldap.Password), + Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret), } } diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go index 5656ad18..88304cd6 100644 --- a/server/ldap-admin/internal/types/types.go +++ b/server/ldap-admin/internal/types/types.go @@ -190,8 +190,6 @@ type GetLdapUserInfoRsp struct { Avatar string `json:"avatar"` //头像地址 EmployeeTpye int64 `json:"employee_tpye"` //雇佣类型 1正式 2实习 3外包 Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - CreateTime string `json:"create_time"` - UpdateTime string `json:"update_time"` } type AddLdapOrganizationMemberReq struct { @@ -221,8 +219,6 @@ type GetLdapOrganizationMembersItem struct { Avatar string `json:"avatar"` //头像地址 EmployeeType int64 `json:"employee_type"` Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - CreateTime string `json:"create_time"` - UpdateTime string `json:"update_time"` } type GetLdapUsersReq struct { @@ -243,8 +239,15 @@ type GetLdapUsersItem struct { Avatar string `json:"avatar"` //头像地址 EmployeeType int64 `json:"employee_type"` Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - CreateTime string `json:"create_time"` - UpdateTime string `json:"update_time"` +} + +type LdapUserLoginReq struct { + Email string `json:"email"` + Password string `json:"password"` +} + +type LdapUserLoginRsp struct { + Token string `json:"token"` } type Request struct { diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api index bb7e7be3..bf26d760 100644 --- a/server_api/ldap-admin.api +++ b/server_api/ldap-admin.api @@ -94,6 +94,9 @@ service ldap-admin { //获取基础用户组中成员列表 @handler GetLdapUsersHandler get /api/ldap-admin/get_ldap_users(GetLdapUsersReq) returns (response); + //登录 + @handler LdapUserLoginHandler + post /api/ldap-admin/ldap_user_login(LdapUserLoginReq) returns (response); } type ( @@ -274,8 +277,6 @@ type GetLdapUserInfoRsp { Avatar string `json:"avatar"` //头像地址 EmployeeTpye int64 `json:"employee_tpye"` //雇佣类型 1正式 2实习 3外包 Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - CreateTime string `json:"create_time"` - UpdateTime string `json:"update_time"` } //ldap组织添加成员 type AddLdapOrganizationMemberReq { @@ -303,8 +304,6 @@ type GetLdapOrganizationMembersItem { Avatar string `json:"avatar"` //头像地址 EmployeeType int64 `json:"employee_type"` Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - CreateTime string `json:"create_time"` - UpdateTime string `json:"update_time"` } //获取基础用户组中成员列表 type GetLdapUsersReq { @@ -323,6 +322,12 @@ type GetLdapUsersItem { Avatar string `json:"avatar"` //头像地址 EmployeeType int64 `json:"employee_type"` Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - CreateTime string `json:"create_time"` - UpdateTime string `json:"update_time"` +} +//登录 +type LdapUserLoginReq { + Email string `json:"email"` + Password string `json:"password"` +} +type LdapUserLoginRsp { + Token string `json:"token"` } \ No newline at end of file diff --git a/utils/ldap_lib/auth.go b/utils/ldap_lib/auth.go new file mode 100644 index 00000000..be05acea --- /dev/null +++ b/utils/ldap_lib/auth.go @@ -0,0 +1,26 @@ +package ldap_lib + +import ( + "github.com/zeromicro/go-zero/core/logx" + "net/http" +) + +// 验证权限 +func (l *Ldap) VerifyAuthority(r *http.Request, jwtSecret string) bool { + token := r.Header.Get("Ldap-Authorization") + info, err := l.ParseJwtToken(token, jwtSecret) + if err != nil { + logx.Error("解析token失败", err, "----token:", token) + return false + } + //查询ldap + userInfo, err := l.GetLdapUserInfo(info.UserDN) + if err != nil { + logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN) + } + if userInfo.Status != 1 { + return false + } + // TODO 查询权限组相关信息 + return true +} diff --git a/utils/ldap_lib/jwt_parse.go b/utils/ldap_lib/jwt_parse.go new file mode 100644 index 00000000..0360e1c3 --- /dev/null +++ b/utils/ldap_lib/jwt_parse.go @@ -0,0 +1,53 @@ +package ldap_lib + +import ( + "encoding/json" + "errors" + "github.com/golang-jwt/jwt" + "time" +) + +type UserInfo struct { + UserDN string `json:"user_dn"` + UserId int64 `json:"user_id"` +} + +// 生成token +func (l *Ldap) GenJwtToken(userId, expireTime int64, userDN, secret string) (token string, err error) { + t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ + "user_dn": userDN, + "user_id": userId, + "exp": time.Now().Add(time.Second * time.Duration(expireTime)).Unix(), //过期时间 + "iss": "fusen", + }) + token, err = t.SignedString([]byte(secret)) + if err != nil { + return "", err + } + return "Bearer " + token, nil +} + +// 解释token +func (l *Ldap) ParseJwtToken(token, secret string) (UserInfo, error) { + if len(token) <= 7 || token[:7] != "Bearer " { + return UserInfo{}, errors.New("无效的token") + } + token = token[7:] + t, err := jwt.ParseWithClaims(token, jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) { + return []byte(secret), nil + }) + if err != nil { + return UserInfo{}, err + } + d, err := json.Marshal(t.Claims) + if err != nil { + return UserInfo{}, err + } + var userInfo UserInfo + if err = json.Unmarshal(d, &userInfo); err != nil { + return UserInfo{}, err + } + return userInfo, nil +} + +// diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go index dfc2a0e1..a94acefb 100644 --- a/utils/ldap_lib/ldap_group.go +++ b/utils/ldap_lib/ldap_group.go @@ -12,14 +12,16 @@ type Ldap struct { rootDN string conn *ldap.Conn peopleGroupDN string + jwtSecret string } -func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN string) *Ldap { +func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap { return &Ldap{ baseDN: baseDN, rootDN: rootDN, conn: conn, peopleGroupDN: peopleGroupDN, + jwtSecret: jwtSecret, } }