From 8fe8e4f2d8299cdc36cd73b3c49cc027b5861ac7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Oct 2023 03:56:28 +0000 Subject: [PATCH 01/13] build(deps): bump postcss in /support/enhance-wasm/test-vue Bumps [postcss](https://github.com/postcss/postcss) from 8.4.22 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.4.22...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] --- support/enhance-wasm/test-vue/package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/support/enhance-wasm/test-vue/package-lock.json b/support/enhance-wasm/test-vue/package-lock.json index 56ffe0a3d..4d65ad7ef 100644 --- a/support/enhance-wasm/test-vue/package-lock.json +++ b/support/enhance-wasm/test-vue/package-lock.json @@ -1850,9 +1850,9 @@ } }, "node_modules/postcss": { - "version": "8.4.22", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.22.tgz", - "integrity": "sha512-XseknLAfRHzVWjCEtdviapiBtfLdgyzExD50Rg2ePaucEesyh8Wv4VPdW0nbyDa1ydbrAxV19jvMT4+LFmcNUA==", + "version": "8.4.31", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", "funding": [ { "type": "opencollective", 
@@ -3597,9 +3597,9 @@ "dev": true }, "postcss": { - "version": "8.4.22", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.22.tgz", - "integrity": "sha512-XseknLAfRHzVWjCEtdviapiBtfLdgyzExD50Rg2ePaucEesyh8Wv4VPdW0nbyDa1ydbrAxV19jvMT4+LFmcNUA==", + "version": "8.4.31", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", "requires": { "nanoid": "^3.3.6", "picocolors": "^1.0.0", From 693cc7675626bade909d06f8f5eedb68f882eaa3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 Nov 2023 11:52:55 +0000 Subject: [PATCH 02/13] build(deps): bump axios in /support/enhance-wasm/test-vue Bumps [axios](https://github.com/axios/axios) from 1.3.5 to 1.6.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.3.5...v1.6.0) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- support/enhance-wasm/test-vue/package-lock.json | 14 +++++++------- support/enhance-wasm/test-vue/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/support/enhance-wasm/test-vue/package-lock.json b/support/enhance-wasm/test-vue/package-lock.json index 56ffe0a3d..43431a14c 100644 --- a/support/enhance-wasm/test-vue/package-lock.json +++ b/support/enhance-wasm/test-vue/package-lock.json @@ -8,7 +8,7 @@ "name": "bios-enhance-wasm", "version": "0.0.0", "dependencies": { - "axios": "^1.3.5", + "axios": "^1.6.0", "bios-enhance-wasm": "file:../pkg", "vue": "^3.2.47", "vue-router": "^4.1.6" 
@@ -864,9 +864,9 @@ } }, "node_modules/axios": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.5.tgz", - "integrity": "sha512-glL/PvG/E+xCWwV8S6nCHcrfg1exGx7vxyUIivIA1iL7BIh6bePylCfVHwp6k13ao7SATxB6imau2kqY+I67kw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "dependencies": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", @@ -2879,9 +2879,9 @@ "dev": true }, "axios": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.3.5.tgz", - "integrity": "sha512-glL/PvG/E+xCWwV8S6nCHcrfg1exGx7vxyUIivIA1iL7BIh6bePylCfVHwp6k13ao7SATxB6imau2kqY+I67kw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "requires": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", diff --git a/support/enhance-wasm/test-vue/package.json b/support/enhance-wasm/test-vue/package.json index d7c2460cc..de90fc8f4 100644 --- a/support/enhance-wasm/test-vue/package.json +++ b/support/enhance-wasm/test-vue/package.json @@ -10,7 +10,7 @@ "type-check": "vue-tsc --noEmit" }, "dependencies": { - "axios": "^1.3.5", + "axios": "^1.6.0", "bios-enhance-wasm": "file:../pkg", "vue": "^3.2.47", "vue-router": "^4.1.6" From 30bf2f04ce75b9667594f7950c98c9e351d2b5ed Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Tue, 14 Nov 2023 19:27:41 -0800 Subject: [PATCH 03/13] flow:update --- .../flow/src/dto/flow_transition_dto.rs | 2 ++ middleware/flow/src/serv/flow_inst_serv.rs | 20 +++++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/middleware/flow/src/dto/flow_transition_dto.rs b/middleware/flow/src/dto/flow_transition_dto.rs index 168fec12c..500dac6f4 100644 
--- a/middleware/flow/src/dto/flow_transition_dto.rs +++ b/middleware/flow/src/dto/flow_transition_dto.rs @@ -316,6 +316,7 @@ pub enum StateChangeConditionOp { #[derive(Serialize, Deserialize, Clone, PartialEq, Debug, poem_openapi::Enum)] pub enum TagRelKind { + Default, ParentFeed, SubFeed, } @@ -323,6 +324,7 @@ pub enum TagRelKind { impl From for String { fn from(kind: TagRelKind) -> Self { match kind { + TagRelKind::Default => "Default".to_string(), TagRelKind::ParentFeed => "PARENT_FEED".to_string(), TagRelKind::SubFeed => "SUB_FEED".to_string(), } diff --git a/middleware/flow/src/serv/flow_inst_serv.rs b/middleware/flow/src/serv/flow_inst_serv.rs index b1e23e806..d0f6c1e46 100644 --- a/middleware/flow/src/serv/flow_inst_serv.rs +++ b/middleware/flow/src/serv/flow_inst_serv.rs @@ -43,7 +43,7 @@ use crate::{ flow_state_dto::{FlowStateFilterReq, FlowStateRelModelExt, FlowSysStateKind}, flow_transition_dto::{ FlowTransitionActionByStateChangeInfo, FlowTransitionActionByVarChangeInfoChangedKind, FlowTransitionActionChangeAgg, FlowTransitionActionChangeInfo, - FlowTransitionActionChangeKind, FlowTransitionDetailResp, FlowTransitionFrontActionInfo, FlowTransitionFrontActionRightValue, StateChangeConditionOp, + FlowTransitionActionChangeKind, FlowTransitionDetailResp, FlowTransitionFrontActionInfo, FlowTransitionFrontActionRightValue, StateChangeConditionOp, TagRelKind, }, }, flow_constants, @@ -853,7 +853,11 @@ impl FlowInstServ { let rel_tag = change_info.obj_tag.unwrap_or_default(); if !rel_tag.is_empty() { let obj_tag = if let Some(obj_tag_rel_kind) = change_info.obj_tag_rel_kind.clone() { - String::from(obj_tag_rel_kind) + if obj_tag_rel_kind == TagRelKind::ParentFeed || obj_tag_rel_kind == TagRelKind::SubFeed { + String::from(obj_tag_rel_kind) + } else { + rel_tag.clone() + } } else { rel_tag.clone() }; 
@@ -909,7 +913,11 @@ impl FlowInstServ { FlowTransitionActionChangeKind::State => { if let Some(change_info) = post_change.state_change_info { let obj_tag = if let Some(obj_tag_rel_kind) = change_info.obj_tag_rel_kind.clone() { - String::from(obj_tag_rel_kind) + if obj_tag_rel_kind == TagRelKind::ParentFeed || obj_tag_rel_kind == TagRelKind::SubFeed { + String::from(obj_tag_rel_kind) + } else { + change_info.obj_tag.clone() + } } else { change_info.obj_tag.clone() }; @@ -944,7 +952,11 @@ impl FlowInstServ { for condition_item in change_condition.conditions.iter() { if condition_item.obj_tag.is_some() && !condition_item.state_id.is_empty() { let obj_tag = if let Some(obj_tag_rel_kind) = condition_item.obj_tag_rel_kind.clone() { - String::from(obj_tag_rel_kind) + if obj_tag_rel_kind == TagRelKind::ParentFeed || obj_tag_rel_kind == TagRelKind::SubFeed { + String::from(obj_tag_rel_kind) + } else { + condition_item.obj_tag.clone().unwrap() + } } else { condition_item.obj_tag.clone().unwrap() }; From 5b3a5f5a9221a70eb135a506fac83e9de29ccb40 Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Tue, 14 Nov 2023 23:28:08 -0800 Subject: [PATCH 04/13] flow: update external dto --- middleware/flow/src/dto/flow_external_dto.rs | 1 + .../flow/src/dto/flow_transition_dto.rs | 2 +- .../flow/src/serv/flow_external_serv.rs | 7 ++-- middleware/flow/src/serv/flow_inst_serv.rs | 38 ++++--------------- 4 files changed, 13 insertions(+), 35 deletions(-) diff --git a/middleware/flow/src/dto/flow_external_dto.rs b/middleware/flow/src/dto/flow_external_dto.rs index 766ff4f1b..499abcf61 100644 --- a/middleware/flow/src/dto/flow_external_dto.rs +++ b/middleware/flow/src/dto/flow_external_dto.rs @@ -34,6 +34,7 @@ pub enum FlowExternalKind { #[derive(Debug, Deserialize, Serialize, poem_openapi::Object, Clone)] pub struct FlowExternalParams { pub rel_tag: Option, + pub rel_kind: Option, pub var_id: Option, pub var_name: Option, pub value: Option, 
diff --git a/middleware/flow/src/dto/flow_transition_dto.rs b/middleware/flow/src/dto/flow_transition_dto.rs index 500dac6f4..2353822fb 100644 --- a/middleware/flow/src/dto/flow_transition_dto.rs +++ b/middleware/flow/src/dto/flow_transition_dto.rs @@ -324,7 +324,7 @@ pub enum TagRelKind { impl From for String { fn from(kind: TagRelKind) -> Self { match kind { - TagRelKind::Default => "Default".to_string(), + TagRelKind::Default => "DEFAULT".to_string(), TagRelKind::ParentFeed => "PARENT_FEED".to_string(), TagRelKind::SubFeed => "SUB_FEED".to_string(), } diff --git a/middleware/flow/src/serv/flow_external_serv.rs b/middleware/flow/src/serv/flow_external_serv.rs index 98d750e4e..d0569b256 100644 --- a/middleware/flow/src/serv/flow_external_serv.rs +++ b/middleware/flow/src/serv/flow_external_serv.rs @@ -13,7 +13,7 @@ use crate::{ FlowExternalFetchRelObjResp, FlowExternalKind, FlowExternalModifyFieldResp, FlowExternalNotifyChangesResp, FlowExternalParams, FlowExternalQueryFieldResp, FlowExternalReq, FlowExternalResp, }, - flow_state_dto::FlowSysStateKind, + flow_state_dto::FlowSysStateKind, flow_transition_dto::TagRelKind, }, flow_config::FlowConfig, flow_constants, @@ -26,7 +26,7 @@ impl FlowExternalServ { tag: &str, inst_id: &str, rel_business_obj_id: &str, - rel_tags: Vec, + rel_tags: Vec<(String, Option)>, ctx: &TardisContext, funs: &TardisFunsInst, ) -> TardisResult { @@ -39,8 +39,9 @@ impl FlowExternalServ { curr_bus_obj_id: rel_business_obj_id.to_string(), params: rel_tags .into_iter() - .map(|tag| FlowExternalParams { + .map(|(tag, kind)| FlowExternalParams { rel_tag: Some(tag), + rel_kind: kind.map(String::from), var_id: None, var_name: None, value: None, diff --git a/middleware/flow/src/serv/flow_inst_serv.rs b/middleware/flow/src/serv/flow_inst_serv.rs index d0f6c1e46..02b20d387 100644 --- a/middleware/flow/src/serv/flow_inst_serv.rs +++ b/middleware/flow/src/serv/flow_inst_serv.rs 
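Review bot: `rel_kind: kind.map(String::from)` in the `do_fetch_rel_obj` params sends the upper-snake strings produced by the `From` impl for `TagRelKind` (`"DEFAULT"`, `"PARENT_FEED"`, `"SUB_FEED"`), while `TagRelKind` itself derives `Serialize` and `poem_openapi::Enum` with no rename visible in this diff, so the same kind probably has a different spelling in the flow API. The external service has to match on a free-form string, so the new `FlowExternalParams::rel_kind` field should carry a doc comment listing the accepted values, e.g. `/// Relation kind of rel_tag, as produced by String::from(TagRelKind)`. The body of `do_fetch_rel_obj` continues outside the hunk.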
@@ -43,7 +43,7 @@ use crate::{ flow_state_dto::{FlowStateFilterReq, FlowStateRelModelExt, FlowSysStateKind}, flow_transition_dto::{ FlowTransitionActionByStateChangeInfo, FlowTransitionActionByVarChangeInfoChangedKind, FlowTransitionActionChangeAgg, FlowTransitionActionChangeInfo, - FlowTransitionActionChangeKind, FlowTransitionDetailResp, FlowTransitionFrontActionInfo, FlowTransitionFrontActionRightValue, StateChangeConditionOp, TagRelKind, + FlowTransitionActionChangeKind, FlowTransitionDetailResp, FlowTransitionFrontActionInfo, FlowTransitionFrontActionRightValue, StateChangeConditionOp, }, }, flow_constants, @@ -707,6 +707,7 @@ impl FlowInstServ { let mut params = vec![]; for (var_name, value) in vars { params.push(FlowExternalParams { + rel_kind: None, rel_tag: None, var_name: Some(var_name.clone()), var_id: None, @@ -852,17 +853,8 @@ impl FlowInstServ { } let rel_tag = change_info.obj_tag.unwrap_or_default(); if !rel_tag.is_empty() { - let obj_tag = if let Some(obj_tag_rel_kind) = change_info.obj_tag_rel_kind.clone() { - if obj_tag_rel_kind == TagRelKind::ParentFeed || obj_tag_rel_kind == TagRelKind::SubFeed { - String::from(obj_tag_rel_kind) - } else { - rel_tag.clone() - } - } else { - rel_tag.clone() - }; let mut resp = - FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![obj_tag], ctx, funs).await?; + FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![(rel_tag.clone(), change_info.obj_tag_rel_kind.clone())], ctx, funs).await?; if !resp.rel_bus_objs.is_empty() { for rel_bus_obj_id in resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids { let inst_id = Self::get_inst_ids_by_rel_business_obj_id(vec![rel_bus_obj_id.clone()], funs, ctx).await?.pop().unwrap_or_default(); @@ -875,6 +867,7 @@ impl FlowInstServ { None, None, vec![FlowExternalParams { + rel_kind: None, rel_tag: None, var_id: None, var_name: Some(change_info.var_name.clone()), 
@@ -897,6 +890,7 @@ impl FlowInstServ { None, None, vec![FlowExternalParams { + rel_kind: None, rel_tag: None, var_id: None, var_name: Some(change_info.var_name.clone()), @@ -912,17 +906,8 @@ impl FlowInstServ { } FlowTransitionActionChangeKind::State => { if let Some(change_info) = post_change.state_change_info { - let obj_tag = if let Some(obj_tag_rel_kind) = change_info.obj_tag_rel_kind.clone() { - if obj_tag_rel_kind == TagRelKind::ParentFeed || obj_tag_rel_kind == TagRelKind::SubFeed { - String::from(obj_tag_rel_kind) - } else { - change_info.obj_tag.clone() - } - } else { - change_info.obj_tag.clone() - }; let mut resp = - FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![obj_tag], ctx, funs).await?; + FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![(change_info.obj_tag.clone(), change_info.obj_tag_rel_kind.clone())], ctx, funs).await?; if !resp.rel_bus_objs.is_empty() { let inst_ids = Self::find_inst_ids_by_rel_obj_ids(resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids, &change_info, funs, ctx).await?; Self::do_modify_state_by_post_action(inst_ids, &change_info, updated_instance_list, funs, ctx).await?; 
@@ -951,16 +936,7 @@ impl FlowInstServ { let mut rel_tags = vec![]; for condition_item in change_condition.conditions.iter() { if condition_item.obj_tag.is_some() && !condition_item.state_id.is_empty() { - let obj_tag = if let Some(obj_tag_rel_kind) = condition_item.obj_tag_rel_kind.clone() { - if obj_tag_rel_kind == TagRelKind::ParentFeed || obj_tag_rel_kind == TagRelKind::SubFeed { - String::from(obj_tag_rel_kind) - } else { - condition_item.obj_tag.clone().unwrap() - } - } else { - condition_item.obj_tag.clone().unwrap() - }; - rel_tags.push(obj_tag); + rel_tags.push((condition_item.obj_tag.clone().unwrap(), condition_item.obj_tag_rel_kind.clone())); } } let inst_id = Self::get_inst_ids_by_rel_business_obj_id(vec![rel_obj_id.clone()], funs, ctx).await?.pop().unwrap_or_default(); From 4a1fd31c082ece4a1f12c540269075c4d02793e3 Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Wed, 15 Nov 2023 01:51:11 -0800 Subject: [PATCH 05/13] flow: update --- middleware/flow/src/dto/flow_transition_dto.rs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/middleware/flow/src/dto/flow_transition_dto.rs b/middleware/flow/src/dto/flow_transition_dto.rs index 2353822fb..c71209f46 100644 --- a/middleware/flow/src/dto/flow_transition_dto.rs +++ b/middleware/flow/src/dto/flow_transition_dto.rs @@ -317,16 +317,14 @@ pub enum StateChangeConditionOp { #[derive(Serialize, Deserialize, Clone, PartialEq, Debug, poem_openapi::Enum)] pub enum TagRelKind { Default, - ParentFeed, - SubFeed, + ParentOrSub, } impl From for String { fn from(kind: TagRelKind) -> Self { match kind { TagRelKind::Default => "DEFAULT".to_string(), - TagRelKind::ParentFeed => "PARENT_FEED".to_string(), - TagRelKind::SubFeed => "SUB_FEED".to_string(), + TagRelKind::ParentOrSub => "PARENT_OR_SUB".to_string(), } } } From e5fa9cdce973031433e7330f6b0810b849de7d7a Mon Sep 17 00:00:00 2001 
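Review bot: Replacing `ParentFeed` and `SubFeed` with `ParentOrSub` drops two values that `TagRelKind` previously accepted through its derived `Deserialize` and `poem_openapi::Enum`, so any stored transition configuration or API client that still carries the old names will presumably fail to parse after this change. The diff shows no migration or compatibility mapping. If old values can exist in persisted `obj_tag_rel_kind` data, either migrate them or keep them readable, for example with `#[serde(alias = "ParentFeed", alias = "SubFeed")]` on `ParentOrSub`. The string form handed to external services also changes from `PARENT_FEED`/`SUB_FEED` to `PARENT_OR_SUB`, which receivers need to be told about.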
From: RWDai <27391645+RWDai@users.noreply.github.com> Date: Thu, 16 Nov 2023 17:44:58 +0800 Subject: [PATCH 06/13] optimization ldap sync --- .../flow/src/serv/flow_external_serv.rs | 3 +- middleware/flow/src/serv/flow_inst_serv.rs | 24 +++++-- .../iam/src/basic/serv/iam_cert_ldap_serv.rs | 42 ++++++------ support/iam/src/basic/serv/iam_role_serv.rs | 66 ++++++++++++------- .../src/console_app/api/iam_ca_role_api.rs | 23 +++---- .../src/console_tenant/api/iam_ct_role_api.rs | 4 +- 6 files changed, 100 insertions(+), 62 deletions(-) diff --git a/middleware/flow/src/serv/flow_external_serv.rs b/middleware/flow/src/serv/flow_external_serv.rs index d0569b256..48b9fa74a 100644 --- a/middleware/flow/src/serv/flow_external_serv.rs +++ b/middleware/flow/src/serv/flow_external_serv.rs @@ -13,7 +13,8 @@ use crate::{ FlowExternalFetchRelObjResp, FlowExternalKind, FlowExternalModifyFieldResp, FlowExternalNotifyChangesResp, FlowExternalParams, FlowExternalQueryFieldResp, FlowExternalReq, FlowExternalResp, }, - flow_state_dto::FlowSysStateKind, flow_transition_dto::TagRelKind, + flow_state_dto::FlowSysStateKind, + flow_transition_dto::TagRelKind, }, flow_config::FlowConfig, flow_constants, diff --git a/middleware/flow/src/serv/flow_inst_serv.rs b/middleware/flow/src/serv/flow_inst_serv.rs index 02b20d387..acaa350ed 100644 --- a/middleware/flow/src/serv/flow_inst_serv.rs +++ b/middleware/flow/src/serv/flow_inst_serv.rs @@ -398,7 +398,7 @@ impl FlowInstServ { transitions: inst.transitions.map(|transitions| TardisFuns::json.json_to_obj(transitions).unwrap()), current_state_id: inst.current_state_id, current_state_name: inst.current_state_name, - current_state_color:inst.current_state_color, + current_state_color: inst.current_state_color, current_assigned: inst.current_assigned, current_vars: inst.current_vars.map(|current_vars| TardisFuns::json.json_to_obj(current_vars).unwrap()), rel_business_obj_id: inst.rel_business_obj_id, 
@@ -853,8 +853,15 @@ impl FlowInstServ { } let rel_tag = change_info.obj_tag.unwrap_or_default(); if !rel_tag.is_empty() { - let mut resp = - FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![(rel_tag.clone(), change_info.obj_tag_rel_kind.clone())], ctx, funs).await?; + let mut resp = FlowExternalServ::do_fetch_rel_obj( + ¤t_model.tag, + ¤t_inst.id, + ¤t_inst.rel_business_obj_id, + vec![(rel_tag.clone(), change_info.obj_tag_rel_kind.clone())], + ctx, + funs, + ) + .await?; if !resp.rel_bus_objs.is_empty() { for rel_bus_obj_id in resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids { let inst_id = Self::get_inst_ids_by_rel_business_obj_id(vec![rel_bus_obj_id.clone()], funs, ctx).await?.pop().unwrap_or_default(); @@ -906,8 +913,15 @@ impl FlowInstServ { } FlowTransitionActionChangeKind::State => { if let Some(change_info) = post_change.state_change_info { - let mut resp = - FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![(change_info.obj_tag.clone(), change_info.obj_tag_rel_kind.clone())], ctx, funs).await?; + let mut resp = FlowExternalServ::do_fetch_rel_obj( + ¤t_model.tag, + ¤t_inst.id, + ¤t_inst.rel_business_obj_id, + vec![(change_info.obj_tag.clone(), change_info.obj_tag_rel_kind.clone())], + ctx, + funs, + ) + .await?; if !resp.rel_bus_objs.is_empty() { let inst_ids = Self::find_inst_ids_by_rel_obj_ids(resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids, &change_info, funs, ctx).await?; Self::do_modify_state_by_post_action(inst_ids, &change_info, updated_instance_list, funs, ctx).await?; diff --git a/support/iam/src/basic/serv/iam_cert_ldap_serv.rs b/support/iam/src/basic/serv/iam_cert_ldap_serv.rs index b122b90cb..1641f773c 100644 --- a/support/iam/src/basic/serv/iam_cert_ldap_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_ldap_serv.rs 
@@ -803,26 +803,28 @@ impl IamCertLdapServ { ) .await? { - let modify_result = RbumCertServ::modify_rbum( - &phone_cert.id, - &mut RbumCertModifyReq { - ak: Some(TrimString(iam_account_ext_sys_resp.mobile.clone())), - sk: None, - is_ignore_check_sk: false, - ext: None, - start_time: None, - end_time: None, - conn_uri: None, - status: None, - }, - &funs, - ctx, - ) - .await; - if let Some(e) = modify_result.err() { - let err_msg = format!("modify phone cert_id:{} failed:{}", phone_cert.id, e); - tardis::log::error!("{}", err_msg); - msg = format!("{msg}{err_msg}\n"); + if phone_cert.ak != iam_account_ext_sys_resp.mobile { + let modify_result = RbumCertServ::modify_rbum( + &phone_cert.id, + &mut RbumCertModifyReq { + ak: Some(TrimString(iam_account_ext_sys_resp.mobile.clone())), + sk: None, + is_ignore_check_sk: false, + ext: None, + start_time: None, + end_time: None, + conn_uri: None, + status: None, + }, + &funs, + ctx, + ) + .await; + if let Some(e) = modify_result.err() { + let err_msg = format!("modify phone cert_id:{} failed:{}", phone_cert.id, e); + tardis::log::error!("{}", err_msg); + msg = format!("{msg}{err_msg}\n"); + } } } else { //添加手机号 diff --git a/support/iam/src/basic/serv/iam_role_serv.rs b/support/iam/src/basic/serv/iam_role_serv.rs index fc0fc0194..4507f88ef 100644 --- a/support/iam/src/basic/serv/iam_role_serv.rs +++ b/support/iam/src/basic/serv/iam_role_serv.rs @@ -1,15 +1,15 @@ use std::ops::Add; use async_trait::async_trait; -use tardis::{TardisFuns, TardisFunsInst}; use tardis::basic::dto::TardisContext; use tardis::basic::field::TrimString; use tardis::basic::result::TardisResult; -use tardis::db::sea_orm::*; use tardis::db::sea_orm::prelude::Expr; use tardis::db::sea_orm::sea_query::SelectStatement; +use tardis::db::sea_orm::*; use tardis::log::info; use tardis::web::web_resp::TardisPage; +use tardis::{TardisFuns, TardisFunsInst}; use bios_basic::helper::request_helper::get_remote_ip; use bios_basic::process::task_processor::TaskProcessor; 
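Review bot: The new guard `if phone_cert.ak != iam_account_ext_sys_resp.mobile` compares the stored value with the raw LDAP attribute, but the write below wraps the same attribute in `TrimString`, so a directory value with surrounding whitespace would likely never compare equal and the cert would still be rewritten on every sync. Comparing against the trimmed value keeps the skip effective: `if phone_cert.ak != iam_account_ext_sys_resp.mobile.trim() {`. The hunk also shows no check that `mobile` is non-empty before it becomes the phone cert's `ak`; if none exists outside the hunk, an empty directory attribute would overwrite a working login identifier. The enclosing function starts and ends outside the hunk.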
@@ -241,12 +241,19 @@ impl RbumItemCrudOperation TardisResult<()>{ + pub async fn add_app_copy_role_agg(app_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { Self::copy_role_agg(app_id, &IamRoleKind::App, funs, ctx).await?; let tenant_app_roles = Self::find_detail_items( &IamRoleFilterReq { @@ -401,7 +408,7 @@ impl IamRoleServ { funs, ctx, ) - .await?; + .await?; for app_role in tenant_app_roles { Self::add_role_agg( &mut IamRoleAggAddReq { @@ -422,7 +429,7 @@ impl IamRoleServ { funs, ctx, ) - .await?; + .await?; } Ok(()) } @@ -454,23 +461,36 @@ impl IamRoleServ { /// 租户添加应用角色 pub async fn tenant_add_app_role_agg(add_req: &mut IamRoleAggAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { add_req.role.scope_level = Some(RbumScopeLevelKind::Private); - let app_role_id = Self::add_role_agg(add_req,funs,ctx).await?; - let app_ids = IamAppServ::find_id_items(&IamAppFilterReq { - basic: RbumBasicFilterReq{ - with_sub_own_paths:true, + let app_role_id = Self::add_role_agg(add_req, funs, ctx).await?; + let app_ids = IamAppServ::find_id_items( + &IamAppFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + ..Default::default() + }, ..Default::default() }, - ..Default::default() - }, None, None, funs, ctx).await?; - let app_role = Self::get_item(&app_role_id,&IamRoleFilterReq { - basic: RbumBasicFilterReq{ - with_sub_own_paths:true, + None, + None, + funs, + ctx, + ) + .await?; + let app_role = Self::get_item( + &app_role_id, + &IamRoleFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + ..Default::default() + }, ..Default::default() }, - ..Default::default() - }, funs, ctx).await?; + funs, + ctx, + ) + .await?; for app_id in app_ids { - let app_ctx = IamCertServ::try_use_app_ctx(ctx.clone(),Some(app_id.clone()))?; + let app_ctx = IamCertServ::try_use_app_ctx(ctx.clone(), Some(app_id.clone()))?; Self::add_role_agg( &mut IamRoleAggAddReq { role: IamRoleAddReq { 
@@ -490,7 +510,7 @@ impl IamRoleServ { funs, &app_ctx, ) - .await?; + .await?; } Ok(app_role_id) } diff --git a/support/iam/src/console_app/api/iam_ca_role_api.rs b/support/iam/src/console_app/api/iam_ca_role_api.rs index d880c84cb..8a983318c 100644 --- a/support/iam/src/console_app/api/iam_ca_role_api.rs +++ b/support/iam/src/console_app/api/iam_ca_role_api.rs @@ -129,13 +129,19 @@ impl IamCaRoleApi { add_remote_ip(request, &ctx.0).await?; let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; - let app_role = IamRoleServ::get_item(&id.0,&IamRoleFilterReq{ - basic: RbumBasicFilterReq { - with_sub_own_paths: true, + let app_role = IamRoleServ::get_item( + &id.0, + &IamRoleFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + ..Default::default() + }, ..Default::default() }, - ..Default::default() - },&funs,&ctx.0).await?; + &funs, + &ctx.0, + ) + .await?; if app_role.kind != IamRoleKind::App { Err(funs.err().conflict( &IamRoleServ::get_obj_name(), @@ -145,12 +151,7 @@ impl IamCaRoleApi { ))?; } if app_role.extend_role_id != "".to_string() { - Err(funs.err().conflict( - &IamRoleServ::get_obj_name(), - "delete", - "This role is extend role, cannot be deleted", - "409-role-is-extend", - ))?; + Err(funs.err().conflict(&IamRoleServ::get_obj_name(), "delete", "This role is extend role, cannot be deleted", "409-role-is-extend"))?; } IamRoleServ::delete_item_with_all_rels(&id.0, &funs, &ctx.0).await?; funs.commit().await?; diff --git a/support/iam/src/console_tenant/api/iam_ct_role_api.rs b/support/iam/src/console_tenant/api/iam_ct_role_api.rs index a519e39ba..4a239d1e3 100644 --- a/support/iam/src/console_tenant/api/iam_ct_role_api.rs +++ b/support/iam/src/console_tenant/api/iam_ct_role_api.rs 
@@ -27,7 +27,7 @@ pub struct IamCtRoleApi; impl IamCtRoleApi { /// Add Role #[oai(path = "/", method = "post")] - async fn add(&self,is_app: Query>, mut add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + async fn add(&self, is_app: Query>, mut add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { add_remote_ip(request, &ctx.0).await?; let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; @@ -35,7 +35,7 @@ impl IamCtRoleApi { if is_app.0.unwrap_or(false) { add_req.0.role.kind = Some(IamRoleKind::App); result = IamRoleServ::tenant_add_app_role_agg(&mut add_req.0, &funs, &ctx.0).await?; - }else{ + } else { add_req.0.role.kind = Some(IamRoleKind::Tenant); result = IamRoleServ::add_role_agg(&mut add_req.0, &funs, &ctx.0).await?; } From d7454cc0f7d99cdcdcfdaeaeceada042dfdcde1b Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Sun, 19 Nov 2023 21:59:16 -0800 Subject: [PATCH 07/13] flow:update && fmt --- middleware/flow/src/domain/flow_transition.rs | 2 + middleware/flow/src/dto/flow_external_dto.rs | 3 +- .../flow/src/dto/flow_transition_dto.rs | 5 ++ .../flow/src/serv/flow_external_serv.rs | 4 +- middleware/flow/src/serv/flow_inst_serv.rs | 36 ++++++---- middleware/flow/src/serv/flow_model_serv.rs | 7 ++ middleware/flow/tests/test_flow_scenes_fsm.rs | 5 ++ spi/spi-kv/src/serv/kv_item_serv.rs | 17 ++--- spi/spi-plugin/src/serv/plugin_api_serv.rs | 21 ++++-- support/iam/src/basic/serv/iam_role_serv.rs | 71 ++++++++++++------- .../src/console_app/api/iam_ca_role_api.rs | 23 +++--- .../console_interface/api/iam_ci_role_api.rs | 7 +- .../src/console_tenant/api/iam_ct_role_api.rs | 4 +- 13 files changed, 128 insertions(+), 77 deletions(-) diff --git a/middleware/flow/src/domain/flow_transition.rs b/middleware/flow/src/domain/flow_transition.rs index 1a283f854..42ddd39f8 100644 --- a/middleware/flow/src/domain/flow_transition.rs +++ b/middleware/flow/src/domain/flow_transition.rs 
@@ -95,6 +95,8 @@ pub struct Model { /// TODO FlowTransitionDoubleCheckInfo pub double_check: Json, + pub is_notify: bool, + pub rel_flow_model_id: String, pub sort: i64, diff --git a/middleware/flow/src/dto/flow_external_dto.rs b/middleware/flow/src/dto/flow_external_dto.rs index 499abcf61..eae94c677 100644 --- a/middleware/flow/src/dto/flow_external_dto.rs +++ b/middleware/flow/src/dto/flow_external_dto.rs @@ -5,7 +5,7 @@ use tardis::web::poem_openapi::{ types::{ParseFromJSON, ToJSON}, }; -use super::flow_state_dto::FlowSysStateKind; +use super::{flow_state_dto::FlowSysStateKind, flow_transition_dto::FlowTransitionActionByVarChangeInfoChangedKind}; #[derive(Serialize, Deserialize, Debug, Default, poem_openapi::Object)] pub struct FlowExternalReq { @@ -38,6 +38,7 @@ pub struct FlowExternalParams { pub var_id: Option, pub var_name: Option, pub value: Option, + pub changed_kind: Option, } #[derive(Default, Serialize, Deserialize, Debug, poem_openapi::Object)] diff --git a/middleware/flow/src/dto/flow_transition_dto.rs b/middleware/flow/src/dto/flow_transition_dto.rs index c71209f46..07fbf52dd 100644 --- a/middleware/flow/src/dto/flow_transition_dto.rs +++ b/middleware/flow/src/dto/flow_transition_dto.rs @@ -29,6 +29,7 @@ pub struct FlowTransitionAddReq { pub double_check: Option, pub vars_collect: Option>, + pub is_notify: Option, pub action_by_pre_callback: Option, pub action_by_post_callback: Option, @@ -62,6 +63,7 @@ pub struct FlowTransitionModifyReq { pub vars_collect: Option>, pub double_check: Option, + pub is_notify: Option, pub action_by_pre_callback: Option, pub action_by_post_callback: Option, @@ -97,6 +99,7 @@ pub struct FlowTransitionDetailResp { pub vars_collect: Value, pub double_check: Value, + pub is_notify: bool, pub action_by_pre_callback: String, pub action_by_post_callback: String, 
@@ -175,6 +178,7 @@ impl From for FlowTransitionAddReq { action_by_post_changes: Some(action_by_post_changes), action_by_front_changes: Some(action_by_front_changes), double_check, + is_notify: Some(value.is_notify), sort: Some(value.sort), } } @@ -347,6 +351,7 @@ pub struct FlowTransitionInitInfo { pub vars_collect: Option>, pub double_check: Option, + pub is_notify: bool, pub action_by_pre_callback: Option, pub action_by_post_callback: Option, diff --git a/middleware/flow/src/serv/flow_external_serv.rs b/middleware/flow/src/serv/flow_external_serv.rs index d0569b256..1579d648a 100644 --- a/middleware/flow/src/serv/flow_external_serv.rs +++ b/middleware/flow/src/serv/flow_external_serv.rs @@ -13,7 +13,8 @@ use crate::{ FlowExternalFetchRelObjResp, FlowExternalKind, FlowExternalModifyFieldResp, FlowExternalNotifyChangesResp, FlowExternalParams, FlowExternalQueryFieldResp, FlowExternalReq, FlowExternalResp, }, - flow_state_dto::FlowSysStateKind, flow_transition_dto::TagRelKind, + flow_state_dto::FlowSysStateKind, + flow_transition_dto::TagRelKind, }, flow_config::FlowConfig, flow_constants, @@ -45,6 +46,7 @@ impl FlowExternalServ { var_id: None, var_name: None, value: None, + changed_kind: None, }) .collect_vec(), ..Default::default() diff --git a/middleware/flow/src/serv/flow_inst_serv.rs b/middleware/flow/src/serv/flow_inst_serv.rs index 02b20d387..bcd3f5dd9 100644 --- a/middleware/flow/src/serv/flow_inst_serv.rs +++ b/middleware/flow/src/serv/flow_inst_serv.rs 
@@ -398,7 +398,7 @@ impl FlowInstServ { transitions: inst.transitions.map(|transitions| TardisFuns::json.json_to_obj(transitions).unwrap()), current_state_id: inst.current_state_id, current_state_name: inst.current_state_name, - current_state_color:inst.current_state_color, + current_state_color: inst.current_state_color, current_assigned: inst.current_assigned, current_vars: inst.current_vars.map(|current_vars| TardisFuns::json.json_to_obj(current_vars).unwrap()), rel_business_obj_id: inst.rel_business_obj_id, @@ -712,6 +712,7 @@ impl FlowInstServ { var_name: Some(var_name.clone()), var_id: None, value: Some(value.clone()), + changed_kind: None, }); } if !params.is_empty() { 
@@ -842,19 +843,19 @@ impl FlowInstServ { if let Some(mut change_info) = post_change.var_change_info { if change_info.changed_kind.is_some() && change_info.changed_kind.clone().unwrap() == FlowTransitionActionByVarChangeInfoChangedKind::AutoGetOperateTime { change_info.changed_val = Some(json!(Utc::now().to_rfc3339_opts(SecondsFormat::Millis, true))); - } - if change_info.changed_kind.is_some() && change_info.changed_kind.clone().unwrap() == FlowTransitionActionByVarChangeInfoChangedKind::SelectField { - let field_key = change_info.changed_val.clone().unwrap_or_default().as_str().unwrap_or_default().to_string(); - if let Some(current_val) = current_inst.current_vars.clone().unwrap_or_default().get(field_key.as_str()) { - change_info.changed_val = Some(current_val.clone()); - } else { - change_info.changed_val = None; - } + change_info.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::ChangeContent); } let rel_tag = change_info.obj_tag.unwrap_or_default(); if !rel_tag.is_empty() { - let mut resp = - FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![(rel_tag.clone(), change_info.obj_tag_rel_kind.clone())], ctx, funs).await?; + let mut resp = FlowExternalServ::do_fetch_rel_obj( + ¤t_model.tag, + ¤t_inst.id, + ¤t_inst.rel_business_obj_id, + vec![(rel_tag.clone(), change_info.obj_tag_rel_kind.clone())], + ctx, + funs, + ) + .await?; if !resp.rel_bus_objs.is_empty() { for rel_bus_obj_id in resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids { let inst_id = Self::get_inst_ids_by_rel_business_obj_id(vec![rel_bus_obj_id.clone()], funs, ctx).await?.pop().unwrap_or_default(); @@ -872,6 +873,7 @@ impl FlowInstServ { var_id: None, var_name: Some(change_info.var_name.clone()), value: change_info.changed_val.clone(), + changed_kind: change_info.changed_kind.clone(), }], ctx, funs, 
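Review bot: With the `SelectField` branch removed, `changed_val` for that kind now leaves this service as the field key rather than the value read from `current_inst.current_vars`, and the receiver is expected to resolve it using the new `changed_kind` parameter. Any external handler that has not been updated to read `changed_kind` will store the key name as the field value, and nothing in this diff versions that contract. A comment at the call site would make the hand-off explicit, e.g. `// SelectField: value carries the source field key; the external service resolves it`. `AutoGetOperateTime` is still resolved locally and relabelled `ChangeContent`, so the two computed kinds are now handled on different sides of the boundary. The enclosing function continues outside the hunk.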
@@ -895,6 +897,7 @@ impl FlowInstServ { var_id: None, var_name: Some(change_info.var_name.clone()), value: change_info.changed_val.clone(), + changed_kind: change_info.changed_kind, }], ctx, funs, @@ -906,8 +909,15 @@ impl FlowInstServ { } FlowTransitionActionChangeKind::State => { if let Some(change_info) = post_change.state_change_info { - let mut resp = - FlowExternalServ::do_fetch_rel_obj(¤t_model.tag, ¤t_inst.id, ¤t_inst.rel_business_obj_id, vec![(change_info.obj_tag.clone(), change_info.obj_tag_rel_kind.clone())], ctx, funs).await?; + let mut resp = FlowExternalServ::do_fetch_rel_obj( + ¤t_model.tag, + ¤t_inst.id, + ¤t_inst.rel_business_obj_id, + vec![(change_info.obj_tag.clone(), change_info.obj_tag_rel_kind.clone())], + ctx, + funs, + ) + .await?; if !resp.rel_bus_objs.is_empty() { let inst_ids = Self::find_inst_ids_by_rel_obj_ids(resp.rel_bus_objs.pop().unwrap().rel_bus_obj_ids, &change_info, funs, ctx).await?; Self::do_modify_state_by_post_action(inst_ids, &change_info, updated_instance_list, funs, ctx).await?; diff --git a/middleware/flow/src/serv/flow_model_serv.rs b/middleware/flow/src/serv/flow_model_serv.rs index d9f3b740a..61fdda4df 100644 --- a/middleware/flow/src/serv/flow_model_serv.rs +++ b/middleware/flow/src/serv/flow_model_serv.rs @@ -342,6 +342,7 @@ impl FlowModelServ { action_by_post_changes: Some(transition.action_by_post_changes), action_by_front_changes: Some(transition.action_by_front_changes), double_check: transition.double_check, + is_notify: Some(true), sort: transition.sort, }); } 
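Review bot: In the `flow_model_serv.rs` hunk at `@@ -342`, the request built from an existing `transition` copies `double_check` and `sort` from it but hard-codes `is_notify: Some(true)`. A transition whose notification was switched off would therefore come out of this path with it switched back on. If the source type carries the field (the query hunk at `@@ -577` now selects `Column::IsNotify`, which suggests it does), use `is_notify: Some(transition.is_notify),`. The surrounding function is outside the hunk, so the type of `transition` should be confirmed first.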
@@ -383,6 +384,7 @@ impl FlowModelServ { vars_collect: Set(req.vars_collect.as_ref().map(|vars| TardisFuns::json.obj_to_json(vars).unwrap()).unwrap_or(json!([]))), double_check: Set(TardisFuns::json.obj_to_json(&req.double_check).unwrap_or(json!(FlowTransitionDoubleCheckInfo::default()))), + is_notify: Set(req.is_notify.unwrap_or(true)), action_by_pre_callback: Set(req.action_by_pre_callback.as_ref().unwrap_or(&"".to_string()).to_string()), action_by_post_callback: Set(req.action_by_post_callback.as_ref().unwrap_or(&"".to_string()).to_string()), @@ -511,6 +513,9 @@ impl FlowModelServ { if let Some(double_check) = &req.double_check { flow_transition.double_check = Set(TardisFuns::json.obj_to_json(double_check)?); } + if let Some(is_notify) = &req.is_notify { + flow_transition.is_notify = Set(*is_notify); + } if let Some(sort) = &req.sort { flow_transition.sort = Set(*sort); } @@ -577,6 +582,7 @@ impl FlowModelServ { (flow_transition::Entity, flow_transition::Column::ActionByPostChanges), (flow_transition::Entity, flow_transition::Column::ActionByFrontChanges), (flow_transition::Entity, flow_transition::Column::DoubleCheck), + (flow_transition::Entity, flow_transition::Column::IsNotify), (flow_transition::Entity, flow_transition::Column::RelFlowModelId), (flow_transition::Entity, flow_transition::Column::Sort), ]) @@ -1148,6 +1154,7 @@ impl FlowModelServ { guard_by_other_conds: None, vars_collect: None, double_check: None, + is_notify: None, action_by_pre_callback: None, action_by_post_callback: None, action_by_post_changes: None, diff --git a/middleware/flow/tests/test_flow_scenes_fsm.rs b/middleware/flow/tests/test_flow_scenes_fsm.rs index 78855e83e..e2f923510 100644 --- a/middleware/flow/tests/test_flow_scenes_fsm.rs +++ b/middleware/flow/tests/test_flow_scenes_fsm.rs 
@@ -244,6 +244,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> { is_open: true, content: Some("再次确认该操作生效".to_string()), }), + is_notify: None, action_by_front_changes: None, sort: None, }, @@ -294,6 +295,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> { }, ]), double_check: None, + is_notify: None, sort: None, }, FlowTransitionModifyReq { @@ -316,6 +318,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> { action_by_post_changes: None, action_by_front_changes: None, double_check: None, + is_notify: None, sort: None, }, ]), @@ -378,6 +381,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> { changed_kind: None, }]), double_check: None, + is_notify: None, sort: None, }]), ..Default::default() @@ -422,6 +426,7 @@ pub async fn test(flow_client: &mut TestHttpClient) -> TardisResult<()> { changed_kind: None, }]), double_check: None, + is_notify: None, sort: None, }]), ..Default::default() diff --git a/spi/spi-kv/src/serv/kv_item_serv.rs b/spi/spi-kv/src/serv/kv_item_serv.rs index 61fe702ad..d5e225496 100644 --- a/spi/spi-kv/src/serv/kv_item_serv.rs +++ b/spi/spi-kv/src/serv/kv_item_serv.rs @@ -1,17 +1,17 @@ -use tardis::{TardisFuns, TardisFunsInst}; use tardis::basic::dto::TardisContext; use tardis::basic::result::TardisResult; use tardis::serde_json::json; use tardis::web::web_resp::TardisPage; +use tardis::{TardisFuns, TardisFunsInst}; use bios_basic::spi::spi_constants; use bios_basic::spi::spi_funs::SpiBsInstExtractor; use bios_basic::spi_dispatch_service; -use crate::{kv_constants, kv_initializer}; use crate::dto::kv_item_dto::{ KvItemAddOrModifyReq, KvItemDetailResp, KvItemMatchReq, KvItemSummaryResp, KvNameAddOrModifyReq, KvNameFindResp, KvTagAddOrModifyReq, KvTagFindResp, }; +use crate::{kv_constants, kv_initializer}; use super::pg; 
@@ -83,20 +83,11 @@ pub async fn add_or_modify_tag(add_or_modify_req: &mut KvTagAddOrModifyReq, funs } pub async fn find_tags(keys: Vec, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult> { - let keys= keys.iter().map(|r|format!("{}{}", kv_constants::KEY_PREFIX_BY_TAG, r)).collect::>(); + let keys = keys.iter().map(|r| format!("{}{}", kv_constants::KEY_PREFIX_BY_TAG, r)).collect::>(); let inst = funs.init(ctx, true, kv_initializer::init_fun).await?; match inst.kind_code() { #[cfg(feature = "spi-pg")] - spi_constants::SPI_PG_KIND_CODE => { - pg::kv_pg_item_serv::find_items( - keys, - None, - funs, - ctx, - &inst, - ) - .await - } + spi_constants::SPI_PG_KIND_CODE => pg::kv_pg_item_serv::find_items(keys, None, funs, ctx, &inst).await, kind_code => Err(funs.bs_not_implemented(kind_code)), } .and_then(|items| { diff --git a/spi/spi-plugin/src/serv/plugin_api_serv.rs b/spi/spi-plugin/src/serv/plugin_api_serv.rs index 8b5480770..c045f3007 100644 --- a/spi/spi-plugin/src/serv/plugin_api_serv.rs +++ b/spi/spi-plugin/src/serv/plugin_api_serv.rs @@ -94,7 +94,7 @@ impl RbumItemCrudOperation TardisResult> { let plugin_api = plugin_api::ActiveModel { - id:Set(id.to_string()), + id: Set(id.to_string()), callback: Set(modify_req.callback.clone()), content_type: Set(modify_req.content_type.clone()), timeout: Set(modify_req.timeout), 
@@ -155,14 +155,21 @@ impl PluginApiServ { } pub async fn delete_by_kind(kind_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { - let api_ids = Self::find_id_items(&PluginApiFilterReq { - basic: RbumBasicFilterReq { - with_sub_own_paths: true, - rbum_kind_id: Some(kind_id.to_string()), + let api_ids = Self::find_id_items( + &PluginApiFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + rbum_kind_id: Some(kind_id.to_string()), + ..Default::default() + }, ..Default::default() }, - ..Default::default() - },None,None,funs,ctx).await?; + None, + None, + funs, + ctx, + ) + .await?; for api_id in api_ids { Self::delete_item(&api_id, funs, ctx).await?; } diff --git a/support/iam/src/basic/serv/iam_role_serv.rs b/support/iam/src/basic/serv/iam_role_serv.rs index bd56d027f..83d6b1a60 100644 --- a/support/iam/src/basic/serv/iam_role_serv.rs +++ b/support/iam/src/basic/serv/iam_role_serv.rs @@ -1,15 +1,15 @@ use std::ops::Add; use async_trait::async_trait; -use tardis::{TardisFuns, TardisFunsInst, tokio}; use tardis::basic::dto::TardisContext; use tardis::basic::field::TrimString; use tardis::basic::result::TardisResult; -use tardis::db::sea_orm::*; use tardis::db::sea_orm::prelude::Expr; use tardis::db::sea_orm::sea_query::SelectStatement; +use tardis::db::sea_orm::*; use tardis::log::info; use tardis::web::web_resp::TardisPage; +use tardis::{tokio, TardisFuns, TardisFunsInst}; use bios_basic::helper::request_helper::get_remote_ip; use bios_basic::process::task_processor::TaskProcessor; 
@@ -241,10 +241,17 @@ impl RbumItemCrudOperation TardisResult<()>{ + pub async fn add_app_copy_role_agg(app_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> { Self::copy_role_agg(app_id, &IamRoleKind::App, funs, ctx).await?; let tenant_ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.clone())?; let tenant_app_roles = Self::find_detail_items( &IamRoleFilterReq { - basic: RbumBasicFilterReq { - ..Default::default() - }, + basic: RbumBasicFilterReq { ..Default::default() }, kind: Some(IamRoleKind::App), in_embed: Some(false), in_base: Some(false), @@ -411,7 +417,7 @@ impl IamRoleServ { funs, &tenant_ctx, ) - .await?; + .await?; for app_role in tenant_app_roles { Self::add_role_agg( &mut IamRoleAggAddReq { @@ -432,7 +438,7 @@ impl IamRoleServ { funs, ctx, ) - .await?; + .await?; } Ok(()) } 
@@ -464,23 +470,36 @@ impl IamRoleServ { /// 租户添加应用角色 pub async fn tenant_add_app_role_agg(add_req: &mut IamRoleAggAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { add_req.role.scope_level = Some(RbumScopeLevelKind::Private); - let app_role_id = Self::add_role_agg(add_req,funs,ctx).await?; - let app_ids = IamAppServ::find_id_items(&IamAppFilterReq { - basic: RbumBasicFilterReq{ - with_sub_own_paths:true, + let app_role_id = Self::add_role_agg(add_req, funs, ctx).await?; + let app_ids = IamAppServ::find_id_items( + &IamAppFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + ..Default::default() + }, ..Default::default() }, - ..Default::default() - }, None, None, funs, ctx).await?; - let app_role = Self::get_item(&app_role_id,&IamRoleFilterReq { - basic: RbumBasicFilterReq{ - with_sub_own_paths:true, + None, + None, + funs, + ctx, + ) + .await?; + let app_role = Self::get_item( + &app_role_id, + &IamRoleFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + ..Default::default() + }, ..Default::default() }, - ..Default::default() - }, funs, ctx).await?; + funs, + ctx, + ) + .await?; for app_id in app_ids { - let app_ctx = IamCertServ::try_use_app_ctx(ctx.clone(),Some(app_id.clone()))?; + let app_ctx = IamCertServ::try_use_app_ctx(ctx.clone(), Some(app_id.clone()))?; Self::add_role_agg( &mut IamRoleAggAddReq { role: IamRoleAddReq { @@ -500,7 +519,7 @@ impl IamRoleServ { funs, &app_ctx, ) - .await?; + .await?; } Ok(app_role_id) } diff --git a/support/iam/src/console_app/api/iam_ca_role_api.rs b/support/iam/src/console_app/api/iam_ca_role_api.rs index 12ae9ae46..b69d34d69 100644 --- a/support/iam/src/console_app/api/iam_ca_role_api.rs +++ b/support/iam/src/console_app/api/iam_ca_role_api.rs 
@@ -129,13 +129,19 @@ impl IamCaRoleApi { add_remote_ip(request, &ctx.0).await?; let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; - let app_role = IamRoleServ::get_item(&id.0,&IamRoleFilterReq{ - basic: RbumBasicFilterReq { - with_sub_own_paths: true, + let app_role = IamRoleServ::get_item( + &id.0, + &IamRoleFilterReq { + basic: RbumBasicFilterReq { + with_sub_own_paths: true, + ..Default::default() + }, ..Default::default() }, - ..Default::default() - },&funs,&ctx.0).await?; + &funs, + &ctx.0, + ) + .await?; if app_role.kind != IamRoleKind::App { Err(funs.err().conflict( &IamRoleServ::get_obj_name(), @@ -145,12 +151,7 @@ impl IamCaRoleApi { ))?; } if app_role.extend_role_id != "".to_string() { - Err(funs.err().conflict( - &IamRoleServ::get_obj_name(), - "delete", - "This role is extend role, cannot be deleted", - "409-role-is-extend", - ))?; + Err(funs.err().conflict(&IamRoleServ::get_obj_name(), "delete", "This role is extend role, cannot be deleted", "409-role-is-extend"))?; } IamRoleServ::delete_item_with_all_rels(&id.0, &funs, &ctx.0).await?; funs.commit().await?; diff --git a/support/iam/src/console_interface/api/iam_ci_role_api.rs b/support/iam/src/console_interface/api/iam_ci_role_api.rs index 971cd9303..aa87f3bf1 100644 --- a/support/iam/src/console_interface/api/iam_ci_role_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_role_api.rs 
@@ -1,15 +1,15 @@ -use tardis::tokio; use crate::basic::serv::iam_app_serv::IamAppServ; use crate::basic::serv::iam_cert_serv::IamCertServ; use crate::basic::serv::iam_role_serv::IamRoleServ; use crate::iam_constants::{self, RBUM_SCOPE_LEVEL_APP}; use bios_basic::helper::request_helper::add_remote_ip; +use bios_basic::process::task_processor::TaskProcessor; +use tardis::tokio; use tardis::web::context_extractor::TardisContextExtractor; use tardis::web::poem::{Request, RequestBody}; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::{Path, Query}; use tardis::web::web_resp::{TardisApiResult, TardisResp, Void}; -use bios_basic::process::task_processor::TaskProcessor; #[derive(Clone, Default)] pub struct IamCiRoleApi; @@ -93,7 +93,8 @@ impl IamCiRoleApi { task_handle.await.unwrap(); Ok(()) }) - })).await?; + })) + .await?; ctx.execute_task().await?; if let Some(task_id) = TaskProcessor::get_task_id_with_ctx(&ctx).await? { TardisResp::accepted(Some(task_id)) diff --git a/support/iam/src/console_tenant/api/iam_ct_role_api.rs b/support/iam/src/console_tenant/api/iam_ct_role_api.rs index af1e9f321..611eb184c 100644 --- a/support/iam/src/console_tenant/api/iam_ct_role_api.rs +++ b/support/iam/src/console_tenant/api/iam_ct_role_api.rs @@ -27,7 +27,7 @@ pub struct IamCtRoleApi; impl IamCtRoleApi { /// Add Role #[oai(path = "/", method = "post")] - async fn add(&self,is_app: Query>, mut add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + async fn add(&self, is_app: Query>, mut add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { add_remote_ip(request, &ctx.0).await?; let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; 
@@ -35,7 +35,7 @@ impl IamCtRoleApi { if is_app.0.unwrap_or(false) { add_req.0.role.kind = Some(IamRoleKind::App); result = IamRoleServ::tenant_add_app_role_agg(&mut add_req.0, &funs, &ctx.0).await?; - }else{ + } else { add_req.0.role.kind = Some(IamRoleKind::Tenant); result = IamRoleServ::add_role_agg(&mut add_req.0, &funs, &ctx.0).await?; } From dfb12a4985adeaaf8634f7d845d9491edeb8064d Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Mon, 20 Nov 2023 00:33:18 -0800 Subject: [PATCH 08/13] iam:modify cert ext length --- support/iam/src/basic/dto/iam_cert_dto.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/iam/src/basic/dto/iam_cert_dto.rs b/support/iam/src/basic/dto/iam_cert_dto.rs index 26b98e964..6d82f2dff 100644 --- a/support/iam/src/basic/dto/iam_cert_dto.rs +++ b/support/iam/src/basic/dto/iam_cert_dto.rs @@ -171,7 +171,7 @@ pub struct IamCertManageModifyReq { pub sk: Option, #[oai(validator(min_length = "2", max_length = "2000"))] pub conn_uri: Option, - #[oai(validator(min_length = "2", max_length = "2000"))] + #[oai(validator(min_length = "2", max_length = "10000"))] pub ext: Option, } From 276f2c8ad9deda0894e98f73ac825511f0fba988 Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Mon, 20 Nov 2023 01:07:09 -0800 Subject: [PATCH 09/13] iam:modify cert ext length --- support/iam/src/basic/dto/iam_cert_dto.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/iam/src/basic/dto/iam_cert_dto.rs b/support/iam/src/basic/dto/iam_cert_dto.rs index 6d82f2dff..ba8ec3d90 100644 --- a/support/iam/src/basic/dto/iam_cert_dto.rs +++ b/support/iam/src/basic/dto/iam_cert_dto.rs @@ -159,7 +159,7 @@ pub struct IamCertManageAddReq { pub conn_uri: Option, #[oai(validator(min_length = "2", max_length = "2000"))] pub supplier: String, - #[oai(validator(min_length = "2", max_length = "2000"))] + #[oai(validator(min_length = "2", max_length = "10000"))] pub ext: Option, } 
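Review bot: Raising `max_length` on `ext` to 10000 in `IamCertManageModifyReq` (and in `IamCertManageAddReq` in the following patch) only widens the outermost validator. The rbum-level `RbumCertModifyReq.ext` shown later in this series still declares `max_length = "2000"`, and the `ext` column is created with an unsized `.string()`. Whether a 2001–10000 character value is accepted, rejected or truncated further down therefore depends on code and database settings outside these hunks. Align the limits, for example `max_length = "10000"` on the rbum DTO as well, and add a test that stores a value near the new bound.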
From 482a8961033d41b84e02848958e253b4d1f8242e Mon Sep 17 00:00:00 2001 From: ZzIsGod1019 <1498852723@qq.com> Date: Tue, 21 Nov 2023 00:22:09 -0800 Subject: [PATCH 10/13] flow: post change complete changed_kind --- .../flow/src/serv/flow_external_serv.rs | 14 ++++++++++- middleware/flow/src/serv/flow_inst_serv.rs | 4 +++- middleware/flow/tests/test_flow_api.rs | 2 +- support/iam/src/basic/serv/iam_role_serv.rs | 23 ++++++++++++------- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/middleware/flow/src/serv/flow_external_serv.rs b/middleware/flow/src/serv/flow_external_serv.rs index 1579d648a..35b599581 100644 --- a/middleware/flow/src/serv/flow_external_serv.rs +++ b/middleware/flow/src/serv/flow_external_serv.rs @@ -14,7 +14,7 @@ use crate::{ FlowExternalReq, FlowExternalResp, }, flow_state_dto::FlowSysStateKind, - flow_transition_dto::TagRelKind, + flow_transition_dto::{TagRelKind, FlowTransitionActionByVarChangeInfoChangedKind}, }, flow_config::FlowConfig, flow_constants, @@ -85,6 +85,18 @@ impl FlowExternalServ { return Ok(FlowExternalModifyFieldResp {}); } + // complete changed_kind + let params = params.into_iter().map(|mut param| { + if param.changed_kind.is_none() { + if param.value.clone().unwrap_or_default().to_string().is_empty() { + param.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::Clean); + } else { + param.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::ChangeContent); + } + } + param + }).collect_vec(); + let header = Self::headers(None, funs, ctx).await?; let body = FlowExternalReq { kind: FlowExternalKind::ModifyField, diff --git a/middleware/flow/src/serv/flow_inst_serv.rs b/middleware/flow/src/serv/flow_inst_serv.rs index bcd3f5dd9..8bdeb170d 100644 --- a/middleware/flow/src/serv/flow_inst_serv.rs +++ b/middleware/flow/src/serv/flow_inst_serv.rs 
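Review bot: The `Clean` branch added in `flow_external_serv.rs` at `@@ -85` looks unreachable. `param.value` appears to be an `Option` of a JSON value (the callers in `flow_inst_serv.rs` pass `json!(…)` results), and `to_string()` on such a value yields JSON text: `null` for the default and a pair of quote characters for an empty string. `.is_empty()` therefore never holds, and every parameter without a kind becomes `ChangeContent`. Test the value itself instead, as below, treating a missing, null or empty-string value as a clean. The `cargo fmt` patch that follows re-indents the same code and needs the same change; the function body continues outside the hunk.

```rust
if param.changed_kind.is_none() {
    // A JSON value never renders to an empty string, so inspect it directly.
    let is_blank = match &param.value {
        None | Some(tardis::serde_json::Value::Null) => true,
        Some(tardis::serde_json::Value::String(text)) => text.is_empty(),
        Some(_) => false,
    };
    param.changed_kind = Some(if is_blank {
        FlowTransitionActionByVarChangeInfoChangedKind::Clean
    } else {
        FlowTransitionActionByVarChangeInfoChangedKind::ChangeContent
    });
}
// … unchanged: `param` is returned and the iterator collected …
```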
@@ -1232,7 +1232,9 @@ impl FlowInstServ { .from(flow_inst::Entity) .and_where(Expr::col((flow_inst::Entity, flow_inst::Column::CurrentStateId)).eq(flow_state_id)) .and_where(Expr::col((flow_inst::Entity, flow_inst::Column::RelFlowModelId)).eq(flow_model_id)) - .and_where(Expr::col((flow_inst::Entity, flow_inst::Column::FinishAbort)).ne(true)), + .and_where( + Expr::col((flow_inst::Entity, flow_inst::Column::FinishAbort)).ne(true).or(Expr::col((flow_inst::Entity, flow_inst::Column::FinishAbort)).is_null()), + ), ) .await? != 0 diff --git a/middleware/flow/tests/test_flow_api.rs b/middleware/flow/tests/test_flow_api.rs index 94c1ecf6b..fac321953 100644 --- a/middleware/flow/tests/test_flow_api.rs +++ b/middleware/flow/tests/test_flow_api.rs @@ -21,7 +21,7 @@ mod test_flow_scenes_fsm; #[tokio::test] async fn test_flow_api() -> TardisResult<()> { - env::set_var("RUST_LOG", "debug,test_flow_api=trace,sqlx::query=off"); + env::set_var("RUST_LOG", "debug,test_flow_api=trace"); let docker = testcontainers::clients::Cli::default(); let _x = init_rbum_test_container::init(&docker, None).await?; diff --git a/support/iam/src/basic/serv/iam_role_serv.rs b/support/iam/src/basic/serv/iam_role_serv.rs index 02d91fae7..aeb5780d9 100644 --- a/support/iam/src/basic/serv/iam_role_serv.rs +++ b/support/iam/src/basic/serv/iam_role_serv.rs @@ -241,16 +241,23 @@ impl RbumItemCrudOperation Date: Tue, 21 Nov 2023 01:07:05 -0800 Subject: [PATCH 11/13] cargo fmt --- .../flow/src/serv/flow_external_serv.rs | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/middleware/flow/src/serv/flow_external_serv.rs b/middleware/flow/src/serv/flow_external_serv.rs index 35b599581..7b0d3c44e 100644 --- a/middleware/flow/src/serv/flow_external_serv.rs +++ b/middleware/flow/src/serv/flow_external_serv.rs 
@@ -14,7 +14,7 @@ use crate::{ FlowExternalReq, FlowExternalResp, }, flow_state_dto::FlowSysStateKind, - flow_transition_dto::{TagRelKind, FlowTransitionActionByVarChangeInfoChangedKind}, + flow_transition_dto::{FlowTransitionActionByVarChangeInfoChangedKind, TagRelKind}, }, flow_config::FlowConfig, flow_constants, @@ -86,16 +86,19 @@ impl FlowExternalServ { } // complete changed_kind - let params = params.into_iter().map(|mut param| { - if param.changed_kind.is_none() { - if param.value.clone().unwrap_or_default().to_string().is_empty() { - param.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::Clean); - } else { - param.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::ChangeContent); + let params = params + .into_iter() + .map(|mut param| { + if param.changed_kind.is_none() { + if param.value.clone().unwrap_or_default().to_string().is_empty() { + param.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::Clean); + } else { + param.changed_kind = Some(FlowTransitionActionByVarChangeInfoChangedKind::ChangeContent); + } } - } - param - }).collect_vec(); + param + }) + .collect_vec(); let header = Self::headers(None, funs, ctx).await?; let body = FlowExternalReq { From edcdafdc8cf5d19250ea5ad40e89530183e03289 Mon Sep 17 00:00:00 2001 From: RWDai <27391645+RWDai@users.noreply.github.com> Date: Tue, 21 Nov 2023 20:16:46 -0600 Subject: [PATCH 12/13] Fix dependency conflicts (#536) --- spi/spi-conf/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spi/spi-conf/Cargo.toml b/spi/spi-conf/Cargo.toml index 017279a27..ceb3db3d0 100644 --- a/spi/spi-conf/Cargo.toml +++ b/spi/spi-conf/Cargo.toml @@ -29,7 +29,7 @@ tardis = { workspace = true, features = [ bios-basic = { path = "../../basic", features = ["default"] } lazy_static = { workspace = true } jsonwebtoken = "8" -poem-grpc = "0.2.21" +poem-grpc = "=0.2.22" prost = "0.11.9" poem = "1" prost-types = "0.11.9" 
From f7960a727c40991d7b35f035b5786f33e1aa5f20 Mon Sep 17 00:00:00 2001 
From: 4t145 Date: Wed, 22 Nov 2023 10:28:28 +0800 Subject: [PATCH 13/13] spi-conf: config support place holder (#529) --- basic/src/rbum/domain/rbum_cert.rs | 3 + basic/src/rbum/dto/rbum_cert_dto.rs | 4 + basic/src/rbum/serv/rbum_cert_serv.rs | 2 + basic/src/spi/serv/spi_bs_serv.rs | 3 + basic/tests/test_rbum_cert.rs | 21 ++- sdk/invoke/src/clients.rs | 4 + sdk/invoke/src/clients/iam_client.rs | 8 +- services/bios-all/src/initializer.rs | 1 - spi/spi-conf/Cargo.toml | 8 +- spi/spi-conf/src/api/ci/conf_auth.rs | 125 +++++++++++++++++- .../src/api/ci/conf_config_service_api.rs | 18 ++- spi/spi-conf/src/api/nacos/grpc/mod.rs | 19 ++- .../src/api/nacos/v1/config_service.rs | 8 +- .../src/api/nacos/v2/config_service.rs | 9 +- spi/spi-conf/src/client.rs | 1 + spi/spi-conf/src/client/iam_client.rs | 1 + spi/spi-conf/src/conf_config.rs | 17 ++- spi/spi-conf/src/dto/conf_auth_dto.rs | 50 ++++++- spi/spi-conf/src/lib.rs | 1 + spi/spi-conf/src/serv.rs | 25 +++- spi/spi-conf/src/serv/placehodler.rs | 94 +++++++++++++ spi/spi-conf/tests/spi_conf_api_test.rs | 38 +++--- spi/spi-conf/tests/spi_conf_listener_test.rs | 37 +++--- .../tests/spi_conf_nacos_compatible_test.rs | 40 +++--- support/iam/src/basic/dto/iam_cert_dto.rs | 11 ++ .../iam/src/basic/serv/iam_cert_aksk_serv.rs | 1 + .../iam/src/basic/serv/iam_cert_ldap_serv.rs | 5 + .../basic/serv/iam_cert_mail_vcode_serv.rs | 6 + .../src/basic/serv/iam_cert_oauth2_serv.rs | 4 + .../basic/serv/iam_cert_phone_vcode_serv.rs | 9 ++ support/iam/src/basic/serv/iam_cert_serv.rs | 79 ++++++++++- .../src/basic/serv/iam_cert_user_pwd_serv.rs | 9 ++ .../api/iam_ct_cert_manage_api.rs | 14 +- support/iam/src/iam_initializer.rs | 12 +- support/iam/tests/test_basic.rs | 2 +- support/iam/tests/test_cc_cert.rs | 2 + 36 files changed, 595 insertions(+), 96 deletions(-) create mode 100644 spi/spi-conf/src/client.rs create mode 100644 spi/spi-conf/src/client/iam_client.rs create mode 100644 spi/spi-conf/src/serv/placehodler.rs 
diff --git a/basic/src/rbum/domain/rbum_cert.rs b/basic/src/rbum/domain/rbum_cert.rs index 3ba5fcff4..a876f0ef5 100644 --- a/basic/src/rbum/domain/rbum_cert.rs +++ b/basic/src/rbum/domain/rbum_cert.rs @@ -22,6 +22,8 @@ pub struct Model { /// Cert key \ /// E.g. password, token, secret key pub sk: String, + /// Whether the key is visible \ + pub sk_invisible: bool, /// Extend information \ /// The content and format are set by the upper service itself pub ext: String, @@ -79,6 +81,7 @@ impl TardisActiveModel for ActiveModel { .col(ColumnDef::new(Column::Supplier).not_null().string()) .col(ColumnDef::new(Column::Ak).not_null().string()) .col(ColumnDef::new(Column::Sk).not_null().string()) + .col(ColumnDef::new(Column::SkInvisible).not_null().boolean().default(false)) .col(ColumnDef::new(Column::Ext).not_null().string()) .col(ColumnDef::new(Column::ConnUri).not_null().string()) .col(ColumnDef::new(Column::RelRbumCertConfId).not_null().string()) diff --git a/basic/src/rbum/dto/rbum_cert_dto.rs b/basic/src/rbum/dto/rbum_cert_dto.rs index f3951b04c..4d3996321 100644 --- a/basic/src/rbum/dto/rbum_cert_dto.rs +++ b/basic/src/rbum/dto/rbum_cert_dto.rs @@ -15,6 +15,7 @@ pub struct RbumCertAddReq { pub ak: TrimString, #[cfg_attr(feature = "default", oai(validator(min_length = "2", max_length = "10000")))] pub sk: Option, + pub sk_invisible: Option, pub is_ignore_check_sk: bool, pub kind: Option, pub supplier: Option, @@ -43,6 +44,7 @@ pub struct RbumCertModifyReq { pub ak: Option, #[cfg_attr(feature = "default", oai(validator(min_length = "2", max_length = "10000")))] pub sk: Option, + pub sk_invisible: Option, pub is_ignore_check_sk: bool, #[cfg_attr(feature = "default", oai(validator(min_length = "2", max_length = "2000")))] pub ext: Option, @@ -83,6 +85,7 @@ pub struct RbumCertSummaryWithSkResp { pub id: String, pub ak: String, pub sk: String, + pub sk_invisible: bool, pub ext: String, pub conn_uri: String, pub start_time: DateTime, 
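Review bot: The doc comment added with the field in `rbum_cert.rs` reads `/// Whether the key is visible \`, which states the opposite of the field name `sk_invisible` and ends in a stray backslash with no continuation line after it. Something like `/// Whether the sk is marked as not to be shown (defaults to false)` matches both the name and the `.default(false)` set in the table definition hunk of the same file.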
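Review bot: `RbumCertSummaryWithSkResp` in `rbum_cert_dto.rs` now returns `sk_invisible` right beside the plaintext `sk`. At this layer the flag is advisory, and nothing in the hunk stops a secret marked invisible from being serialised. The enforcement presumably lives in the IAM cert service changed by this patch, which is not in view here. A field comment would make the contract explicit, e.g. `/// When true, the sk must be blanked before this response leaves the service`. A test asserting that an invisible cert never yields its `sk` through the with-sk query would pin this down.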
@@ -108,6 +111,7 @@ pub struct RbumCertSummaryWithSkResp { pub struct RbumCertDetailResp { pub id: String, pub ak: String, + pub sk_invisible: bool, pub ext: String, pub start_time: DateTime, pub end_time: DateTime, diff --git a/basic/src/rbum/serv/rbum_cert_serv.rs b/basic/src/rbum/serv/rbum_cert_serv.rs index 6552b5fd4..5105254ea 100644 --- a/basic/src/rbum/serv/rbum_cert_serv.rs +++ b/basic/src/rbum/serv/rbum_cert_serv.rs @@ -388,6 +388,7 @@ impl RbumCrudOperation Tardis rel_rbum_id: context.owner.to_string(), is_outside: false, is_ignore_check_sk: false, + sk_invisible: None, }, &funs, context, @@ -336,6 +337,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis rel_rbum_id: context.owner.to_string(), is_outside: false, is_ignore_check_sk: false, + sk_invisible: None, }, &funs, context, @@ -347,6 +349,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis &mut RbumCertModifyReq { ak: Some("test".into()), sk: None, + sk_invisible: None, ext: None, start_time: None, end_time: None, @@ -410,6 +413,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis kind: None, supplier: None, is_ignore_check_sk: false, + sk_invisible: None, }, &funs, context, @@ -432,7 +436,8 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis is_outside: false, kind: None, supplier: None, - is_ignore_check_sk: false + is_ignore_check_sk: false, + sk_invisible: None, }, &funs, context, @@ -445,6 +450,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis &mut RbumCertModifyReq { ak: Some("test".into()), sk: None, + sk_invisible: None, ext: None, start_time: None, end_time: None, @@ -580,7 +586,8 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { is_outside: false, kind: None, supplier: None, - is_ignore_check_sk: false + is_ignore_check_sk: false, + sk_invisible: None, }, &funs, context, 
@@ -593,6 +600,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("gudaoxuri".to_string()), sk: None, + sk_invisible: None, ext: None, vcode: None, start_time: None, @@ -618,6 +626,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("gudaoxuri".to_string()), sk: Some(TrimString("aa".to_string())), + sk_invisible: None, vcode: None, ext: None, start_time: None, @@ -643,6 +652,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("gudaoxuri".to_string()), sk: Some(TrimString("12345678".to_string())), + sk_invisible: None, vcode: None, ext: None, start_time: None, @@ -668,6 +678,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("gudaoxuri".to_string()), sk: Some(TrimString("12345678".to_string())), + sk_invisible: None, vcode: None, ext: None, start_time: None, @@ -692,6 +703,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("gudaoxuri".to_string()), sk: Some(TrimString("12345678".to_string())), + sk_invisible: None, vcode: None, ext: None, start_time: None, @@ -716,6 +728,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("gudaoxuri".to_string()), sk: Some(TrimString("12345678".to_string())), + sk_invisible: None, vcode: None, ext: None, start_time: None, @@ -740,6 +753,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { &mut RbumCertAddReq { ak: TrimString("root".to_string()), sk: Some(TrimString("12345678".to_string())), + sk_invisible: None, vcode: None, ext: None, start_time: None, 
@@ -776,6 +790,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { ext: Some("ext".to_string()), ak: None, sk: None, + sk_invisible: None, start_time: None, end_time: None, conn_uri: None, @@ -794,6 +809,7 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { ext: Some("ext".to_string()), ak: None, sk: None, + sk_invisible: None, start_time: None, end_time: None, conn_uri: None, @@ -921,6 +937,7 @@ async fn test_rbum_cert_sk_dynamic(context: &TardisContext) -> TardisResult<()> &mut RbumCertAddReq { ak: TrimString("i@sunisle.org".to_string()), sk: None, + sk_invisible: None, vcode: Some(TrimString("123456".to_string())), ext: None, start_time: None, diff --git a/sdk/invoke/src/clients.rs b/sdk/invoke/src/clients.rs index eed499454..5bc58a3b4 100644 --- a/sdk/invoke/src/clients.rs +++ b/sdk/invoke/src/clients.rs @@ -163,6 +163,7 @@ macro_rules! tardis_api { build */ ($fn_name:ident @build get {$($args_i:ident:$args_t:ty,)*} {$($path:expr,)*} {$($query:expr,)*;$($optional_query:expr,)*} $Resp:ty) => { + #[allow(unused_mut)] pub async fn $fn_name(&self, $($args_i:$args_t,)*) -> tardis::basic::result::TardisResult<$Resp> { use $crate::clients::SimpleInvokeClient; use tardis::web::web_resp::TardisResp; @@ -186,6 +187,7 @@ macro_rules! tardis_api { } }; ($fn_name:ident @build post {$($args_i:ident:$args_t:ty,)*} {$($path:expr,)*} {$($query:expr,)*;$($optional_query:expr,)*} $Body:ty => $Resp:ty) => { + #[allow(unused_mut)] pub async fn $fn_name(&self, $($args_i:$args_t,)* body: &$Body) -> tardis::basic::result::TardisResult<$Resp> { use $crate::clients::SimpleInvokeClient; use tardis::web::web_resp::TardisResp; 
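Review bot: `#[allow(unused_mut)]` is added to the generated `get` and `post` functions in `clients.rs` (and to `put` and `delete` in the next two hunks) with no explanation of which binding is mutable only in some expansions. A short comment above each attribute, e.g. `// the request URL is mutated only when the expansion has query arguments`, would keep the lint suppression from outliving its reason. The binding itself is outside the hunks, so that wording should be checked against the macro body.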
@@ -209,6 +211,7 @@ macro_rules! tardis_api { } }; ($fn_name:ident @build put {$($args_i:ident:$args_t:ty,)*} {$($path:expr,)*} {$($query:expr,)*;$($optional_query:expr,)*} $Body:ty => $Resp:ty) => { + #[allow(unused_mut)] pub async fn $fn_name(&self, $($args_i:$args_t,)* body: &$Body) -> tardis::basic::result::TardisResult<$Resp> { use $crate::clients::SimpleInvokeClient; use tardis::web::web_resp::TardisResp; @@ -232,6 +235,7 @@ macro_rules! tardis_api { } }; ($fn_name:ident @build delete {$($args_i:ident:$args_t:ty,)*} {$($path:expr,)*} {$($query:expr,)*;$($optional_query:expr,)*} $Resp:ty) => { + #[allow(unused_mut)] pub async fn $fn_name(&self, $($args_i:$args_t),*) -> tardis::basic::result::TardisResult<$Resp> { use $crate::clients::SimpleInvokeClient; use tardis::web::web_resp::TardisResp; diff --git a/sdk/invoke/src/clients/iam_client.rs b/sdk/invoke/src/clients/iam_client.rs index 916b2e58d..21636fe01 100644 --- a/sdk/invoke/src/clients/iam_client.rs +++ b/sdk/invoke/src/clients/iam_client.rs @@ -1,4 +1,4 @@ -use std::collections::HashMap; +use std::collections::{HashMap, HashSet}; use serde::{Deserialize, Serialize}; use tardis::{basic::dto::TardisContext, web::poem_openapi, TardisFunsInst}; @@ -47,7 +47,13 @@ pub struct IamAccountDetailAggResp { pub orgs: Vec, } +#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] +pub struct IamCertDecodeRequest { + pub codes: HashSet, +} + impl_tardis_api_client! { IamClient<'_>: {get_account, get ["/ct/account", id] {tenant_id} IamAccountDetailAggResp} + {batch_decode_cert, post ["/ct/cert/manage/decode"] IamCertDecodeRequest => HashMap} } diff --git a/services/bios-all/src/initializer.rs b/services/bios-all/src/initializer.rs index 923ddcdaa..01abbe34c 100644 --- a/services/bios-all/src/initializer.rs +++ b/services/bios-all/src/initializer.rs 
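Review bot: `IamCertDecodeRequest` and the new `batch_decode_cert` call in `iam_client.rs` have no documentation, and nothing on the struct says what `codes` contains. Judging by the endpoint path `/ct/cert/manage/decode`, the returned map presumably holds decoded certificate secrets. Say so on the item, e.g. `/// Codes to resolve; the response maps each code to its decoded secret and must not be logged`, after confirming it against the server-side handler, which is not visible in this hunk.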
@@ -12,7 +12,6 @@ pub async fn init(web_server: &TardisWebServer) -> TardisResult<()> { .with_arc_channel(tardis::TardisFuns::mail_by_module_or_default(bios_reach::reach_consts::MODULE_CODE)), ) .await?; - bios_spi_cache::cache_initializer::init(web_server).await?; bios_spi_graph::graph_initializer::init(web_server).await?; bios_spi_kv::kv_initializer::init(web_server).await?; diff --git a/spi/spi-conf/Cargo.toml b/spi/spi-conf/Cargo.toml index ceb3db3d0..f6e97b43e 100644 --- a/spi/spi-conf/Cargo.toml +++ b/spi/spi-conf/Cargo.toml @@ -35,11 +35,15 @@ poem = "1" prost-types = "0.11.9" strum = { version = "0.25.0", features = ["derive"] } tokio-stream = { version = "0.1.14", features = ["sync"] } - +bios-sdk-invoke = { path = "../../sdk/invoke", features = [ + "iam", + "macro", +], default-features = false } +ipnet = { version = "2", features = ["serde"] } [dev-dependencies] tardis = { workspace = true, features = ["test", "conf-remote", "mq"] } bios-basic = { path = "../../basic", features = ["default", "test"] } reqwest = "*" testcontainers-modules = { workspace = true } [build-dependencies] -poem-grpc-build = "0.2.21" +poem-grpc-build = "0.2.22" diff --git a/spi/spi-conf/src/api/ci/conf_auth.rs b/spi/spi-conf/src/api/ci/conf_auth.rs index fa9eb3b0c..c6d18d696 100644 --- a/spi/spi-conf/src/api/ci/conf_auth.rs +++ b/spi/spi-conf/src/api/ci/conf_auth.rs 
@@ -1,11 +1,33 @@ -use tardis::web::{ - context_extractor::TardisContextExtractor, - poem_openapi::{self, payload::Json}, - web_resp::{TardisApiResult, TardisResp}, +use bios_basic::{ + rbum::{ + dto::rbum_filer_dto::RbumBasicFilterReq, + serv::{ + rbum_crud_serv::RbumCrudOperation, + rbum_domain_serv::RbumDomainServ, + rbum_item_serv::{RbumItemCrudOperation, RbumItemServ}, + rbum_kind_serv::RbumKindServ, + }, + }, + spi::{ + dto::spi_bs_dto::SpiBsAddReq, + serv::spi_bs_serv::SpiBsServ, + spi_constants::{self}, + }, +}; +use poem::web::RealIp; +use tardis::{ + basic::error::TardisError, + serde_json, + web::{ + context_extractor::TardisContextExtractor, + poem_openapi::{self, payload::Json}, + reqwest::Url, + web_resp::{TardisApiResult, TardisResp}, + }, }; -use crate::dto::conf_auth_dto::*; -use crate::serv::*; +use crate::{conf_constants::DOMAIN_CODE, serv::*}; +use crate::{dto::conf_auth_dto::*, serv::placehodler::has_placeholder_auth}; #[derive(Default, Clone, Copy, Debug)] 
@@ -20,4 +42,95 @@ impl ConfCiAuthApi { let resp = register(reg_req, &funs, &ctx.0).await?; TardisResp::ok(resp) } + #[oai(path = "/register", method = "put")] + async fn change_password(&self, json: Json, ctx: TardisContextExtractor) -> TardisApiResult { + let reg_req = json.0; + let funs = crate::get_tardis_inst(); + let resp = change_password(reg_req, &funs, &ctx.0).await?; + TardisResp::ok(resp) + } + #[oai(path = "/register_bundle", method = "put")] + async fn register_bundle(&self, json: Json, ctx: TardisContextExtractor) -> TardisApiResult { + let req = json.0; + let mut funs = crate::get_tardis_inst(); + let mut ctx = ctx.0; + let source = if let Some(source) = req.backend_service { + serde_json::from_value(source).unwrap_or_default() + } else { + BackendServiceSource::Default + }; + funs.begin().await?; + let default_ctx = ctx.clone(); + let bs_id = match source { + BackendServiceSource::Id(id) => id, + BackendServiceSource::Default => { + // let default_ctx = TardisContext::default(); + let rbum_domain = RbumDomainServ::find_one_rbum( + &RbumBasicFilterReq { + code: Some(DOMAIN_CODE.to_string()), + ..Default::default() + }, + &funs, + &default_ctx, + ) + .await? + .ok_or_else(|| funs.err().not_found(&SpiBsServ::get_obj_name(), "register", "not found spi-conf domain", "404-spi-bs-not-exist"))?; + let bs = RbumItemServ::find_one_rbum( + &RbumBasicFilterReq { + enabled: Some(true), + rbum_domain_id: Some(rbum_domain.id), + ..Default::default() + }, + &funs, + &default_ctx, + ) + .await? + .ok_or_else(|| funs.err().not_found(&SpiBsServ::get_obj_name(), "register", "not found backend service", "404-spi-bs-not-exist"))?; + bs.id + } + BackendServiceSource::New { name, conn_uri, kind_code } => { + // #TODO + // this should be determined by url, but now we only support spi-pg + let kind_code = kind_code.unwrap_or(spi_constants::SPI_PG_KIND_CODE.to_string()); + let kind_id = RbumKindServ::get_rbum_kind_id_by_code(&kind_code, &funs) + .await? 
+ .ok_or_else(|| funs.err().not_found(&SpiBsServ::get_obj_name(), "register", "db spi kind not found", "404-spi-bs-not-exist"))?; + let conn_uri = conn_uri.parse::().map_err(|_| TardisError::bad_request("invalid conn url", "400-spi_conf-bad-request"))?; + let ak = conn_uri.username(); + let sk = conn_uri.password().unwrap_or(""); + SpiBsServ::add_item( + &mut SpiBsAddReq { + name: name.into(), + conn_uri: conn_uri.to_string(), + ext: "{\"max_connections\":20,\"min_connections\":10}".to_string(), + private: false, + disabled: None, + ak: ak.into(), + sk: sk.into(), + kind_id: kind_id.into(), + }, + &funs, + &default_ctx, + ) + .await? + } + }; + let app_tenant_id = req.app_tenant_id.as_deref().unwrap_or(ctx.owner.as_str()); + SpiBsServ::add_rel(&bs_id, app_tenant_id, &funs, &ctx).await?; + ctx.owner = app_tenant_id.to_string(); + let resp = register(req.register_request, &funs, &ctx).await?; + funs.commit().await?; + TardisResp::ok(resp) + } + #[oai(path = "/placeholder", method = "get")] + async fn placeholder(&self, RealIp(real_ip): RealIp) -> TardisApiResult { + let funs = crate::get_tardis_inst(); + if let Some(ip_addr) = real_ip { + TardisResp::ok(has_placeholder_auth(ip_addr, &funs)) + } else { + TardisResp::ok(false) + } + } } + +// id+owner diff --git a/spi/spi-conf/src/api/ci/conf_config_service_api.rs b/spi/spi-conf/src/api/ci/conf_config_service_api.rs index e2fa0a28b..4d1c7cbea 100644 --- a/spi/spi-conf/src/api/ci/conf_config_service_api.rs +++ b/spi/spi-conf/src/api/ci/conf_config_service_api.rs @@ -1,3 +1,4 @@ +use poem::web::RealIp; use tardis::{ basic::error::TardisError, db::sea_orm::prelude::Uuid, @@ -8,8 +9,11 @@ use tardis::{ }, }; -use crate::dto::{conf_config_dto::*, conf_namespace_dto::*}; use crate::{conf_constants::error, serv::*}; +use crate::{ + dto::{conf_config_dto::*, conf_namespace_dto::*}, + serv::placehodler::render_content_for_ip, +}; #[derive(Default, Clone, Copy, Debug)] pub struct ConfCiConfigServiceApi; 
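Review bot: In `register_bundle` the caller-supplied `app_tenant_id` is passed to `SpiBsServ::add_rel` and then written into `ctx.owner`, and nothing in this hunk checks that the caller may act for that tenant. If no layer in front of this handler enforces it, a request can bind a backend service and register a cert under another tenant's owner. The value should either be rejected when it differs from the authenticated context, or the handler should document which upstream rule guarantees it. Separately, `serde_json::from_value(source).unwrap_or_default()` turns a malformed `backend_service` into `BackendServiceSource::Default`, silently attaching the tenant to the default backend; `serde_json::from_value(source).map_err(|_| TardisError::bad_request("invalid backend_service", "400-spi_conf-bad-request"))?` keeps that failure visible. In the `New` arm the stored `conn_uri` still embeds the password that is also copied into `sk`, so the secret is persisted twice.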
@@ -32,6 +36,7 @@ impl ConfCiConfigServiceApi { /// 配置类型 r#type: Query>, ctx: TardisContextExtractor, + real_ip: RealIp, ) -> TardisApiResult { let namespace_id = namespace_id.0.or(tenant.0).unwrap_or("public".into()); let tags = tag.0.unwrap_or_default().split(',').map(str::trim).map(String::from).collect(); @@ -43,7 +48,10 @@ impl ConfCiConfigServiceApi { tp: r#type.0, }; let funs = crate::get_tardis_inst(); - let content = get_config(&mut descriptor, &funs, &ctx.0).await?; + let mut content = get_config(&mut descriptor, &funs, &ctx.0).await?; + if let Some(ip) = real_ip.0 { + content = render_content_for_ip(content, ip, &funs, &ctx.0).await?; + } TardisResp::ok(content) } #[oai(path = "/config/detail", method = "get")] @@ -60,6 +68,7 @@ impl ConfCiConfigServiceApi { /// 配置类型 r#type: Query>, ctx: TardisContextExtractor, + real_ip: RealIp, ) -> TardisApiResult { let namespace_id = namespace_id.0.or(tenant.0).unwrap_or("public".into()); let tags = tag.0.unwrap_or_default().split(',').map(str::trim).map(String::from).collect(); @@ -71,7 +80,10 @@ impl ConfCiConfigServiceApi { tp: r#type.0, }; let funs = crate::get_tardis_inst(); - let config_item = get_config_detail(&mut descriptor, &funs, &ctx.0).await?; + let mut config_item = get_config_detail(&mut descriptor, &funs, &ctx.0).await?; + if let Some(ip) = real_ip.0 { + config_item.content = render_content_for_ip(config_item.content, ip, &funs, &ctx.0).await?; + } TardisResp::ok(config_item) } #[oai(path = "/config", method = "post")] diff --git a/spi/spi-conf/src/api/nacos/grpc/mod.rs b/spi/spi-conf/src/api/nacos/grpc/mod.rs index ce09527e8..cbf48c097 100644 --- a/spi/spi-conf/src/api/nacos/grpc/mod.rs +++ b/spi/spi-conf/src/api/nacos/grpc/mod.rs @@ -1,4 +1,4 @@ -use std::collections::HashMap; +use std::{collections::HashMap, net::IpAddr}; use serde::{Deserialize, Serialize}; use tardis::{ 
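Review bot: The `real_ip` that gates `render_content_for_ip` in `get_config` (and in `get_config_detail`, fourth hunk of this file) comes from poem's `RealIp` extractor, which reads forwarding headers such as `X-Forwarded-For` and `X-Real-IP` before falling back to the socket address. Unless every deployment sits behind a proxy that overwrites those headers, the client chooses the address that is compared with `placeholder_white_list`, leaving only the root-scope check in `render_content_for_ip` as a real control. The same holds for the nacos v1 and v2 `get_config` handlers and for `metadata.client_ip` in `nacos/grpc/mod.rs`, which is parsed straight from the request metadata. I would state the trusted-proxy requirement in a doc comment on these handlers, or take the peer address from poem's `RemoteAddr` where the service can be reached directly.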
@@ -14,7 +14,10 @@ pub use proto::{ BiRequestStream as BiRequestStreamProto, BiRequestStreamServer as BiRequestStreamGrpcServer, Metadata, Payload, Request as RequestProto, RequestServer as RequestGrpcServer, }; -use crate::dto::conf_config_dto::{ConfigDescriptor, ConfigItem}; +use crate::{ + dto::conf_config_dto::{ConfigDescriptor, ConfigItem}, + serv::placehodler::render_content_for_ip, +}; #[derive(Clone, Default)] pub struct RequestProtoImpl; @@ -27,13 +30,14 @@ impl RequestProto for RequestProtoImpl { }; log::trace!("metadata: {metadata:?}"); let access_token = metadata.headers.get("accessToken").map(|x| x.as_str()); + let client_ip = metadata.client_ip.parse::().ok(); let Some(body) = &request.body else { return Err(Status::new(Code::InvalidArgument)); }; let body = String::from_utf8_lossy(&body.value); log::trace!("body: {}", body); let type_info = &metadata.r#type; - dispatch_request(type_info, &body, access_token).await.map(Response::new).map_err(|e| { + dispatch_request(type_info, &body, access_token, client_ip).await.map(Response::new).map_err(|e| { log::error!("[spi-conf.nacos.grpc] dispatch_request error: {}", e); Status::new(Code::Internal) }) @@ -263,7 +267,7 @@ impl AsPayload for ConfigChangeBatchListenResponse { const TYPE_NAME: &'static str = "ConfigChangeBatchListenResponse"; } -pub async fn dispatch_request(type_info: &str, value: &str, access_token: Option<&str>) -> TardisResult { +pub async fn dispatch_request(type_info: &str, value: &str, access_token: Option<&str>, ip: Option) -> TardisResult { use crate::serv::*; let funs = crate::get_tardis_inst(); let get_ctx = async { 
@@ -287,7 +291,12 @@ pub async fn dispatch_request(type_info: &str, value: &str, access_token: Option ..Default::default() }; match get_config_detail(&mut descriptor, &funs, &ctx).await { - Ok(data) => ConfigQueryResponse::from(data).as_payload(), + Ok(mut data) => { + if let Some(ip) = ip { + data.content = render_content_for_ip(data.content, ip, &funs, &ctx).await?; + } + ConfigQueryResponse::from(data).as_payload() + } Err(_) => ConfigQueryResponseNotFound::default().as_payload(), } } diff --git a/spi/spi-conf/src/api/nacos/v1/config_service.rs b/spi/spi-conf/src/api/nacos/v1/config_service.rs index 1210350d5..5e8a912d5 100644 --- a/spi/spi-conf/src/api/nacos/v1/config_service.rs +++ b/spi/spi-conf/src/api/nacos/v1/config_service.rs @@ -1,3 +1,4 @@ +use poem::web::RealIp; use tardis::{ basic::error::TardisError, db::sea_orm::prelude::Uuid, @@ -15,6 +16,7 @@ use tardis::{ use crate::{ api::nacos::{extract_context, extract_context_from_body}, dto::{conf_config_dto::*, conf_config_nacos_dto::PublishConfigForm, conf_namespace_dto::*}, + serv::placehodler::render_content_for_ip, }; use crate::{conf_constants::error, serv::*}; @@ -38,6 +40,7 @@ impl ConfNacosV1CsApi { #[oai(name = "dataId")] data_id: Query, request: &Request, + real_ip: RealIp, ) -> poem::Result> { let namespace_id = namespace_id.0.or(tenant.0).unwrap_or("public".into()); let mut descriptor = ConfigDescriptor { @@ -48,7 +51,10 @@ impl ConfNacosV1CsApi { }; let funs = crate::get_tardis_inst(); let ctx = extract_context(request).await?; - let content = get_config(&mut descriptor, &funs, &ctx).await.map_err(tardis_err_to_poem_err)?; + let mut content = get_config(&mut descriptor, &funs, &ctx).await.map_err(tardis_err_to_poem_err)?; + if let Some(ip) = real_ip.0 { + content = render_content_for_ip(content, ip, &funs, &ctx).await?; + } Ok(PlainText(content)) } #[oai(path = "/configs", method = "post")] 
diff --git a/spi/spi-conf/src/api/nacos/v2/config_service.rs b/spi/spi-conf/src/api/nacos/v2/config_service.rs index 1ab074b1c..bc5ed57ee 100644 --- a/spi/spi-conf/src/api/nacos/v2/config_service.rs +++ b/spi/spi-conf/src/api/nacos/v2/config_service.rs @@ -1,10 +1,11 @@ +use poem::web::RealIp; use tardis::web::{ poem::{self, web::Form, Request}, poem_openapi::{self, param::Query, payload::Json}, }; use super::tardis_err_to_poem_err; -use crate::serv::*; +use crate::serv::{placehodler::render_content_for_ip, *}; use crate::{ api::nacos::extract_context, dto::{conf_config_dto::*, conf_config_nacos_dto::*, conf_namespace_dto::*}, @@ -29,6 +30,7 @@ impl ConfNacosV2CsApi { data_id: Query, tag: Query>, request: &Request, + real_ip: RealIp, ) -> NacosResult { let namespace_id = namespace_id.0.or(tenant.0).unwrap_or("public".into()); let tags = tag.0.map(|tag| tag.split(',').map(String::from).collect::>()).unwrap_or_default(); @@ -41,7 +43,10 @@ impl ConfNacosV2CsApi { }; let funs = crate::get_tardis_inst(); let ctx = extract_context(request).await?; - let content = get_config(&mut descriptor, &funs, &ctx).await.map_err(tardis_err_to_poem_err)?; + let mut content = get_config(&mut descriptor, &funs, &ctx).await.map_err(tardis_err_to_poem_err)?; + if let Some(ip) = real_ip.0 { + content = render_content_for_ip(content, ip, &funs, &ctx).await?; + } Ok(Json(NacosResponse::ok(content))) } #[oai(path = "/configs", method = "post")] diff --git a/spi/spi-conf/src/client.rs b/spi/spi-conf/src/client.rs new file mode 100644 index 000000000..fdfae8595 --- /dev/null +++ b/spi/spi-conf/src/client.rs @@ -0,0 +1 @@ +pub mod iam_client; diff --git a/spi/spi-conf/src/client/iam_client.rs b/spi/spi-conf/src/client/iam_client.rs new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/spi/spi-conf/src/client/iam_client.rs @@ -0,0 +1 @@ + diff --git a/spi/spi-conf/src/conf_config.rs b/spi/spi-conf/src/conf_config.rs index 5db7c2ece..39b27ebcb 100644 
--- a/spi/spi-conf/src/conf_config.rs +++ b/spi/spi-conf/src/conf_config.rs @@ -1,5 +1,8 @@ +use std::net::IpAddr; +use ipnet::IpNet; use bios_basic::rbum::rbum_config::RbumConfig; use serde::{Deserialize, Serialize}; +use tardis::consts::{IP_LOCALHOST, IP_UNSPECIFIED}; use crate::dto::conf_auth_dto::RegisterRequest; @@ -15,7 +18,15 @@ pub struct ConfConfig { pub auth_password: String, pub nacos_port: u16, pub nacos_grpc_port: u16, - pub nacos_host: std::net::IpAddr, + pub nacos_host: IpAddr, + pub placeholder_white_list: Vec, + pub iam_client: IamClientConfig, +} + +#[derive(Debug, Serialize, Deserialize, Clone, Default)] +#[serde(default)] +pub struct IamClientConfig { + pub base_url: String, } impl ConfConfig { @@ -41,7 +52,9 @@ impl Default for ConfConfig { rbum: Default::default(), nacos_port: 8848, nacos_grpc_port: 9848, - nacos_host: std::net::IpAddr::V4(std::net::Ipv4Addr::UNSPECIFIED), + nacos_host: IP_UNSPECIFIED, + placeholder_white_list: vec![IpNet::from(IP_LOCALHOST)], + iam_client: Default::default(), } } } diff --git a/spi/spi-conf/src/dto/conf_auth_dto.rs b/spi/spi-conf/src/dto/conf_auth_dto.rs index e076cf5d6..9182748ce 100644 --- a/spi/spi-conf/src/dto/conf_auth_dto.rs +++ b/spi/spi-conf/src/dto/conf_auth_dto.rs @@ -1,5 +1,5 @@ use serde::{Deserialize, Serialize}; -use tardis::{basic::field::TrimString, web::poem_openapi}; +use tardis::{basic::field::TrimString, serde_json, web::poem_openapi}; use super::conf_config_nacos_dto::{NacosCreateNamespaceRequest, NacosDeleteNamespaceRequest, NacosEditNamespaceRequest, PublishConfigForm}; 
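Review bot: The new `ConfConfig` fields `placeholder_white_list` and `iam_client` are added without doc comments, although the first is the access-control list that decides which clients receive config content with `$CERT{KEY}` placeholders replaced by decoded cert values. I would add `/// Networks whose clients may receive config content with $CERT{KEY} placeholders rendered; defaults to localhost only.` above `placeholder_white_list` and `/// Base URL of the IAM service used to decode cert codes for placeholder rendering.` above `iam_client`. `IamClientConfig` derives `Default`, so `base_url` is an empty string until configured; it looks like rendering would then fail at request time rather than at start-up, which is worth stating in the comment.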
@@ -57,12 +57,60 @@ pub struct RegisterRequest { pub password: Option, } +#[derive(Debug, Serialize, Deserialize, poem_openapi::Object, Default)] +pub struct RegisterBundleRequest { + pub backend_service: Option, + pub app_tenant_id: Option, + #[oai(flatten)] + #[serde(flatten)] + pub register_request: RegisterRequest, +} + +#[derive(Debug, Serialize, Deserialize, Default)] +#[serde(tag = "type", content = "value", rename_all = "snake_case")] +pub enum BackendServiceSource { + Id(String), + #[default] + Default, + New { + name: String, + conn_uri: String, + // + kind_code: Option, + }, +} + +#[derive(Debug, Serialize, Deserialize, poem_openapi::Object, Default)] +pub struct ChangePasswordRequest { + #[oai(validator(pattern = r"^[a-zA-Z\d_]{5,16}$"))] + pub username: TrimString, + #[oai(validator(pattern = r"^[a-zA-Z\d~!@#$%^&*\(\)_+]{8,16}$"))] + pub old_password: TrimString, + #[oai(validator(pattern = r"^[a-zA-Z\d~!@#$%^&*\(\)_+]{8,16}$"))] + pub password: Option, +} + impl RegisterRequest { #[inline] pub fn ak(&self) -> Option<&str> { self.username.as_deref() } #[inline] + pub fn old_sk(&self) -> Option<&str> { + self.password.as_deref() + } + #[inline] + pub fn sk(&self) -> Option<&str> { + self.password.as_deref() + } +} + +impl ChangePasswordRequest { + #[inline] + pub fn ak(&self) -> &str { + self.username.as_str() + } + #[inline] pub fn sk(&self) -> Option<&str> { self.password.as_deref() } diff --git a/spi/spi-conf/src/lib.rs b/spi/spi-conf/src/lib.rs index 0b683789a..23ad543be 100644 --- a/spi/spi-conf/src/lib.rs +++ b/spi/spi-conf/src/lib.rs @@ -2,6 +2,7 @@ #![warn(clippy::dbg_macro)] mod api; +pub(crate) mod client; pub mod conf_config; pub mod conf_constants; pub mod conf_initializer; diff --git a/spi/spi-conf/src/serv.rs b/spi/spi-conf/src/serv.rs index 2d62b9fdb..dae310850 100644 --- a/spi/spi-conf/src/serv.rs +++ b/spi/spi-conf/src/serv.rs 
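Review bot: `old_sk()` is added to `impl RegisterRequest` and returns `self.password`, the same field as `sk()`, while `ChangePasswordRequest`, the type that actually carries `old_password`, gets no accessor for it. The accessor appears to have landed on the wrong impl; I would remove it from `RegisterRequest` and add `pub fn old_sk(&self) -> &str { self.old_password.as_str() }` to `impl ChangePasswordRequest`. `ChangePasswordRequest` and `RegisterBundleRequest` also derive `Debug` while holding plaintext passwords, so any `{:?}` log of a request prints them; a manual `Debug` impl that redacts the password fields avoids that.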
@@ -17,6 +17,7 @@ use bios_basic::{ }, spi_dispatch_service, }; + use tardis::{ basic::{dto::TardisContext, error::TardisError, result::TardisResult}, db::sea_orm::prelude::Uuid, @@ -33,7 +34,7 @@ use crate::{ conf_constants::{error::*, *}, conf_initializer, dto::{ - conf_auth_dto::{RegisterRequest, RegisterResponse}, + conf_auth_dto::{ChangePasswordRequest, RegisterRequest, RegisterResponse}, conf_config_dto::*, conf_config_nacos_dto::NacosJwtClaim, conf_namespace_dto::*, @@ -42,6 +43,7 @@ use crate::{ }; #[cfg(feature = "spi-pg")] mod pg; +pub mod placehodler; spi_dispatch_service! { @mgr: true, @@ -182,11 +184,32 @@ pub async fn register(req: RegisterRequest, funs: &TardisFunsInst, ctx: &TardisC rel_rbum_kind: RbumCertRelKind::Item, rel_rbum_id: spi_bs.id, is_outside: false, + sk_invisible: None, }; RbumCertServ::add_rbum(&mut add_cert_req, funs, &conf_cert_ctx).await?; Ok(RegisterResponse::new(ak, sk)) } +/// register a cert for nacos +pub async fn change_password(req: ChangePasswordRequest, funs: &TardisFunsInst, _ctx: &TardisContext) -> TardisResult { + let ak = req.ak(); + let rand_sk = random_sk(); + let sk = req.sk().unwrap_or(rand_sk.as_str()); + // check if exist + let find_filter = RbumCertFilterReq { + kind: Some(String::from(SPI_CONF_CERT_KIND)), + ak: Some(ak.to_string()), + ..Default::default() + }; + // conf cert using another context + let conf_cert_ctx = TardisContext::default(); + if let Some(result) = RbumCertServ::find_one_rbum(&find_filter, funs, &conf_cert_ctx).await? { + let id = result.id; + RbumCertServ::reset_sk(&id, sk, false, &find_filter, funs, &conf_cert_ctx).await?; + } + Ok(RegisterResponse::new(ak, sk)) +} + /// convert ak and sk to corresponded tardis context pub async fn auth(ak: &str, sk: &str, funs: &TardisFunsInst) -> TardisResult { let find_filter = RbumCertFilterReq { diff --git a/spi/spi-conf/src/serv/placehodler.rs b/spi/spi-conf/src/serv/placehodler.rs new file mode 100644 index 000000000..eb794c78c --- /dev/null 
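Review bot: `change_password` never reads `old_password`: it finds the cert by `ak` alone and calls `RbumCertServ::reset_sk` with the new value, so the `put /register` route replaces a secret for any caller who supplies an existing username. The current secret should be verified before the reset, for example `auth(ak, req.old_password.as_str(), funs).await?;` using the `auth` function that follows in this file (its body is outside the hunk, so confirm it fails on a mismatch). When no cert matches the filter the function still returns `RegisterResponse::new(ak, sk)`, reporting a password that was never stored; that branch should return a not-found error instead. The doc comment `/// register a cert for nacos` is copied from `register` and should read `/// change the secret of an existing nacos cert`, and the unused `_ctx` parameter deserves a line explaining why the caller's context is ignored.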
+++ b/spi/spi-conf/src/serv/placehodler.rs 
@@ -0,0 +1,94 @@ +// PlaceHodler $bios{KEY} + +use std::collections::{HashMap, HashSet}; +use std::net::IpAddr; + +use bios_basic::rbum::helper::rbum_scope_helper::get_scope_level_by_context; +use bios_basic::rbum::rbum_enumeration::RbumScopeLevelKind; +use bios_sdk_invoke::clients::iam_client::{IamCertDecodeRequest, IamClient}; +use tardis::basic::dto::TardisContext; +use tardis::basic::result::TardisResult; +use tardis::regex::Regex; +use tardis::tardis_static; + +use crate::conf_config::ConfConfig; + +tardis_static! { + pub place_holder_regex: Regex = Regex::new(r"\$CERT\{([A-Z_]+)\}").expect("invalid content replace regex"); +} + +#[derive(Debug, Clone, Copy)] +enum Segment<'s> { + Raw(&'s str), + Replace { key: &'s str }, +} + +fn parse_content(content: &str) -> Vec> { + let mut new_content = String::new(); + let matcher = place_holder_regex().find_iter(content); + let mut idx = 0; + let mut result = Vec::new(); + for mat in matcher { + result.push(Segment::Raw(&content[idx..mat.start()])); + let key = &content[(mat.start() + 6)..(mat.end() - 1)]; + result.push(Segment::Replace { key }); + idx = mat.end(); + } + new_content.push_str(&content[idx..]); + result +} + +pub async fn rander_content(content: String, config: &ConfConfig, funs: &tardis::TardisFunsInst, ctx: &TardisContext) -> TardisResult { + let segments = parse_content(&content); + // render + let keys = segments.iter().fold(HashSet::new(), |mut set, seg| { + if let Segment::Replace { key } = seg { + set.insert(*key); + } + set + }); + // no need for render + if keys.is_empty() { + return Ok(content); + } + // enhancement: this can be depart from function, KvSource should be trait + let kvmap = get_kvmap(keys, config, funs, ctx).await?; + let content = segments.into_iter().fold(String::new(), |content, seg| match seg { + Segment::Raw(raw) => content + raw, + Segment::Replace { key } => content + kvmap.get(key).unwrap_or(&String::new()).as_str(), + }); + Ok(content) +} + +async fn get_kvmap(codes: 
HashSet<&str>, config: &ConfConfig, funs: &tardis::TardisFunsInst, ctx: &TardisContext) -> TardisResult> { + let url = config.iam_client.base_url.as_str(); + let client = IamClient::new("", funs, ctx, url); + let codes = codes.into_iter().map(|s| s.to_string()).collect::>(); + let req = IamCertDecodeRequest { codes }; + let response = client.batch_decode_cert(&req).await?; + Ok(response) +} + +pub fn has_placeholder_auth(source_addr: IpAddr, funs: &tardis::TardisFunsInst) -> bool { + let cfg = funs.conf::(); + cfg.placeholder_white_list.iter().any(|net| net.contains(&source_addr)) +} + +pub async fn render_content_for_ip(content: String, source_addr: IpAddr, funs: &tardis::TardisFunsInst, ctx: &tardis::basic::dto::TardisContext) -> TardisResult { + let cfg = funs.conf::(); + let level = get_scope_level_by_context(ctx)?; + if has_placeholder_auth(source_addr, funs) && level == RbumScopeLevelKind::Root { + rander_content(content, cfg.as_ref(), funs, ctx).await + } else { + Ok(content) + } +} + +#[test] +#[cfg(test)] +fn test() { + let test_config = r#" +The Code is $CERT{CODE} and the value is $CERT{VALUE} +"#; + parse_content(test_config); +} diff --git a/spi/spi-conf/tests/spi_conf_api_test.rs b/spi/spi-conf/tests/spi_conf_api_test.rs index 79befcf0b..a28541341 100644 --- a/spi/spi-conf/tests/spi_conf_api_test.rs +++ b/spi/spi-conf/tests/spi_conf_api_test.rs @@ -17,9 +17,7 @@ use tardis::{ basic::{dto::TardisContext, field::TrimString, result::TardisResult}, log, serde_json::{json, Value}, - testcontainers, tokio, - web::web_resp::Void, - TardisFuns, + testcontainers, tokio, TardisFuns, }; mod spi_conf_test_common; use spi_conf_test_common::*; 
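Review bot: `parse_content` drops everything after the last placeholder, because the tail is appended to the otherwise unused `new_content` string instead of `result`, so `rander_content` returns a config truncated at the final `$CERT{...}`. Replace `new_content.push_str(&content[idx..]);` with `result.push(Segment::Raw(&content[idx..]));` and delete `new_content`. The `test` function at the end calls `parse_content` without asserting anything, which is why this went unnoticed; asserting the segment list for the sample string would pin the behaviour. A key missing from the IAM response is rendered as an empty string through `unwrap_or(&String::new())`, so the client gets a config with a blank secret and no error. The header comment also says `$bios{KEY}` while the regex matches `$CERT{KEY}`.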
@@ -29,28 +27,28 @@ async fn spi_conf_namespace_test() -> TardisResult<()> { std::env::set_var("RUST_LOG", "info,sqlx=off,sea_orm=debug,spi_conf_namespace_test=DEBUG,bios_spi_conf=TRACE"); let docker = testcontainers::clients::Cli::default(); let container_hold = init_tardis(&docker).await?; - let _web_server_hanlde = start_web_server().await?; + start_web_server().await?; let tardis_ctx = TardisContext::default(); let mut client = TestHttpClient::new("https://localhost:8080/spi-conf".to_string()); client.set_auth(&tardis_ctx)?; let funs = TardisFuns::inst_with_db_conn(DOMAIN_CODE.to_string(), None); - let kind_id = RbumKindServ::get_rbum_kind_id_by_code(spi_constants::SPI_PG_KIND_CODE, &funs).await?.unwrap(); - let bs_id: String = client - .post( - "/ci/manage/bs", - &SpiBsAddReq { - name: TrimString("test-spi".to_string()), - kind_id: TrimString(kind_id), - conn_uri: env::var("TARDIS_FW.DB.URL").unwrap(), - ak: TrimString("".to_string()), - sk: TrimString("".to_string()), - ext: "{\"max_connections\":20,\"min_connections\":10}".to_string(), - private: false, - disabled: None, - }, + let RegisterResponse { username, password } = client + .put( + "/ci/auth/register_bundle", + &json!({ + "app_tenant_id": "app001", + "username": "nacos", + "backend_service": { + "type": "new", + "value": { + "name": "spi-nacos-app01", + "conn_uri": env::var("TARDIS_FW.DB.URL").unwrap(), + } + } + }), ) .await; - let _: Void = client.put(&format!("/ci/manage/bs/{}/rel/app001", bs_id), &Void {}).await; + log::info!("username: {username}, password: {password}"); client.set_auth(&TardisContext { own_paths: "t1/app001".to_string(), ak: "".to_string(), @@ -62,6 +60,7 @@ async fn spi_conf_namespace_test() -> TardisResult<()> { test_register(&mut client).await?; test_curd(&mut client).await?; test_tags(&mut client).await?; + // web_server_hanlde.await.unwrap()?; drop(container_hold); Ok(()) 
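Review bot: `log::info!("username: {username}, password: {password}")` writes the freshly registered secret to the test log, and the same line is added in `spi_conf_listener_test.rs` and `spi_conf_nacos_compatible_test.rs`. CI logs are typically retained and visible to more people than the throwaway test database, and the habit tends to get copied into non-test code. I would bind the field as `password: _` in the destructuring and log only `log::info!("registered username: {username}")`. The test function continues outside this hunk.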
@@ -329,7 +328,6 @@ pub async fn test_curd(client: &mut TestHttpClient) -> TardisResult<()> { assert_eq!(response[0].data_id, "conf-2"); assert_eq!(response[1].data_id, "conf-1"); assert_eq!(response[2].data_id, "conf-0"); - Ok(()) } diff --git a/spi/spi-conf/tests/spi_conf_listener_test.rs b/spi/spi-conf/tests/spi_conf_listener_test.rs index 47324ebd3..27180a91c 100644 --- a/spi/spi-conf/tests/spi_conf_listener_test.rs +++ b/spi/spi-conf/tests/spi_conf_listener_test.rs @@ -8,10 +8,13 @@ use bios_basic::{ spi::{dto::spi_bs_dto::SpiBsAddReq, spi_constants}, test::test_http_client::TestHttpClient, }; -use bios_spi_conf::{conf_constants::DOMAIN_CODE, dto::conf_config_dto::ConfigDescriptor}; +use bios_spi_conf::{ + conf_constants::DOMAIN_CODE, + dto::{conf_auth_dto::RegisterResponse, conf_config_dto::ConfigDescriptor}, +}; use tardis::{ basic::{dto::TardisContext, field::TrimString, result::TardisResult}, - log::debug, + log::{self, debug}, rand, serde_json::json, testcontainers, tokio, 
@@ -31,23 +34,23 @@ async fn spi_conf_namespace_test() -> TardisResult<()> { let mut client = TestHttpClient::new("https://localhost:8080/spi-conf".to_string()); client.set_auth(&tardis_ctx)?; let funs = TardisFuns::inst_with_db_conn(DOMAIN_CODE.to_string(), None); - let kind_id = RbumKindServ::get_rbum_kind_id_by_code(spi_constants::SPI_PG_KIND_CODE, &funs).await?.unwrap(); - let bs_id: String = client - .post( - "/ci/manage/bs", - &SpiBsAddReq { - name: TrimString("test-spi".to_string()), - kind_id: TrimString(kind_id), - conn_uri: env::var("TARDIS_FW.DB.URL").unwrap(), - ak: TrimString("".to_string()), - sk: TrimString("".to_string()), - ext: "{\"max_connections\":20,\"min_connections\":10}".to_string(), - private: false, - disabled: None, - }, + let RegisterResponse { username, password } = client + .put( + "/ci/auth/register_bundle", + &json!({ + "app_tenant_id": "app001", + "username": "nacos", + "backend_service": { + "type": "new", + "value": { + "name": "spi-nacos-app01", + "conn_uri": env::var("TARDIS_FW.DB.URL").unwrap(), + } + } + }), ) .await; - let _: tardis::serde_json::Value = client.put(&format!("/ci/manage/bs/{}/rel/app001", bs_id), &Void {}).await; + log::info!("username: {username}, password: {password}"); client.set_auth(&TardisContext { own_paths: "t1/app001".to_string(), ak: "".to_string(), diff --git a/spi/spi-conf/tests/spi_conf_nacos_compatible_test.rs b/spi/spi-conf/tests/spi_conf_nacos_compatible_test.rs index a25f017ae..d1306bf8d 100644 --- a/spi/spi-conf/tests/spi_conf_nacos_compatible_test.rs +++ b/spi/spi-conf/tests/spi_conf_nacos_compatible_test.rs @@ -1,10 +1,6 @@ use std::{collections::HashMap, env}; -use bios_basic::{ - rbum::serv::rbum_kind_serv::RbumKindServ, - spi::{dto::spi_bs_dto::SpiBsAddReq, spi_constants}, - test::test_http_client::TestHttpClient, -}; +use bios_basic::test::test_http_client::TestHttpClient; use bios_spi_conf::{ conf_constants::DOMAIN_CODE, dto::conf_auth_dto::{RegisterRequest, RegisterResponse}, 
@@ -12,7 +8,9 @@ use bios_spi_conf::{ use poem::http::HeaderName; use tardis::{ basic::{dto::TardisContext, field::TrimString, result::TardisResult}, - log, testcontainers, tokio, + log, + serde_json::json, + testcontainers, tokio, web::web_resp::{TardisResp, Void}, TardisFuns, }; @@ -34,23 +32,23 @@ async fn spi_conf_namespace_test() -> TardisResult<()> { let mut client = TestHttpClient::new(format!("{SCHEMA}://localhost:8080/spi-conf")); client.set_auth(&tardis_ctx)?; let funs = TardisFuns::inst_with_db_conn(DOMAIN_CODE.to_string(), None); - let kind_id = RbumKindServ::get_rbum_kind_id_by_code(spi_constants::SPI_PG_KIND_CODE, &funs).await?.unwrap(); - let bs_id: String = client - .post( - "/ci/manage/bs", - &SpiBsAddReq { - name: TrimString("test-spi".to_string()), - kind_id: TrimString(kind_id), - conn_uri: env::var("TARDIS_FW.DB.URL").unwrap(), - ak: TrimString("".to_string()), - sk: TrimString("".to_string()), - ext: "{\"max_connections\":20,\"min_connections\":10}".to_string(), - private: false, - disabled: None, - }, + let RegisterResponse { username, password } = client + .put( + "/ci/auth/register_bundle", + &json!({ + "app_tenant_id": "app001", + "username": "nacos", + "backend_service": { + "type": "new", + "value": { + "name": "spi-nacos-app01", + "conn_uri": env::var("TARDIS_FW.DB.URL").unwrap(), + } + } + }), ) .await; - let _: Void = client.put(&format!("/ci/manage/bs/{}/rel/app001", bs_id), &Void {}).await; + log::info!("username: {username}, password: {password}"); client.set_auth(&TardisContext { own_paths: "t1/app001".to_string(), ak: "".to_string(), diff --git a/support/iam/src/basic/dto/iam_cert_dto.rs b/support/iam/src/basic/dto/iam_cert_dto.rs index ba8ec3d90..96a4c2c19 100644 --- a/support/iam/src/basic/dto/iam_cert_dto.rs +++ b/support/iam/src/basic/dto/iam_cert_dto.rs 
@@ -1,3 +1,5 @@ +use std::collections::HashSet; + use crate::iam_enumeration::{IamCertExtKind, WayToAdd, WayToDelete}; use bios_basic::rbum::rbum_enumeration::RbumCertStatusKind; use serde::{Deserialize, Serialize}; @@ -155,6 +157,8 @@ pub struct IamCertManageAddReq { pub ak: String, #[oai(validator(min_length = "2", max_length = "10000"))] pub sk: Option, + #[oai(default)] + pub sk_invisible: Option, #[oai(validator(min_length = "2", max_length = "255"))] pub conn_uri: Option, #[oai(validator(min_length = "2", max_length = "2000"))] @@ -169,6 +173,8 @@ pub struct IamCertManageModifyReq { pub ak: String, #[oai(validator(min_length = "2", max_length = "10000"))] pub sk: Option, + #[oai(default)] + pub sk_invisible: Option, #[oai(validator(min_length = "2", max_length = "2000"))] pub conn_uri: Option, #[oai(validator(min_length = "2", max_length = "10000"))] @@ -210,3 +216,8 @@ pub struct IamOauth2AkSkResp { pub refresh_token: String, pub scope: String, } + +#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)] +pub struct IamCertDecodeRequest { + pub codes: HashSet, +} diff --git a/support/iam/src/basic/serv/iam_cert_aksk_serv.rs b/support/iam/src/basic/serv/iam_cert_aksk_serv.rs index 7fe932027..f9e516f2c 100644 --- a/support/iam/src/basic/serv/iam_cert_aksk_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_aksk_serv.rs @@ -118,6 +118,7 @@ impl IamCertAkSkServ { &mut RbumCertAddReq { ak: ak.into(), sk: Some(sk.into()), + sk_invisible: None, kind: None, supplier: None, vcode: None, diff --git a/support/iam/src/basic/serv/iam_cert_ldap_serv.rs b/support/iam/src/basic/serv/iam_cert_ldap_serv.rs index 1641f773c..34147914e 100644 --- a/support/iam/src/basic/serv/iam_cert_ldap_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_ldap_serv.rs @@ -285,6 +285,7 @@ impl IamCertLdapServ { &mut RbumCertModifyReq { ak: Some(add_or_modify_req.ldap_id.clone()), sk: None, + sk_invisible: None, is_ignore_check_sk: false, ext: None, start_time: None, 
@@ -301,6 +302,7 @@ impl IamCertLdapServ { &mut RbumCertAddReq { ak: add_or_modify_req.ldap_id.clone(), sk: None, + sk_invisible: None, kind: None, supplier: None, vcode: None, @@ -815,6 +817,7 @@ impl IamCertLdapServ { end_time: None, conn_uri: None, status: None, + sk_invisible: None, }, &funs, ctx, @@ -869,6 +872,8 @@ impl IamCertLdapServ { &mut RbumCertModifyReq { ak: None, sk: None, + sk_invisible: None, + is_ignore_check_sk: false, ext: None, start_time: None, diff --git a/support/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs b/support/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs index 23015cc67..29abdf667 100644 --- a/support/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs @@ -101,6 +101,7 @@ impl IamCertMailVCodeServ { &mut RbumCertAddReq { ak: TrimString(add_req.mail.trim().to_string()), sk: None, + sk_invisible: None, kind: None, supplier: None, vcode: Some(TrimString(vcode.clone())), @@ -129,6 +130,8 @@ impl IamCertMailVCodeServ { &mut RbumCertModifyReq { ak: Some(TrimString(modify_req.mail.to_string())), sk: None, + sk_invisible: None, + ext: None, start_time: None, end_time: None, @@ -193,6 +196,8 @@ impl IamCertMailVCodeServ { status: Some(RbumCertStatusKind::Enabled), ak: None, sk: None, + sk_invisible: None, + is_ignore_check_sk: false, ext: None, start_time: None, @@ -240,6 +245,7 @@ impl IamCertMailVCodeServ { &mut RbumCertAddReq { ak: TrimString(mail.trim().to_string()), sk: None, + sk_invisible: None, kind: None, supplier: None, vcode: Some(TrimString(input_vcode.to_string())), diff --git a/support/iam/src/basic/serv/iam_cert_oauth2_serv.rs b/support/iam/src/basic/serv/iam_cert_oauth2_serv.rs index 5b929613f..ba49de3de 100644 --- a/support/iam/src/basic/serv/iam_cert_oauth2_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_oauth2_serv.rs 
@@ -133,6 +133,8 @@ impl IamCertOAuth2Serv { &mut RbumCertModifyReq { ak: Some(add_or_modify_req.open_id.clone()), sk: None, + sk_invisible: None, + is_ignore_check_sk: false, ext: None, start_time: None, @@ -149,6 +151,8 @@ impl IamCertOAuth2Serv { &mut RbumCertAddReq { ak: add_or_modify_req.open_id.clone(), sk: None, + sk_invisible: None, + kind: None, supplier: None, vcode: None, diff --git a/support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs b/support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs index 601dc5015..8a3f0266c 100644 --- a/support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs @@ -103,6 +103,8 @@ impl IamCertPhoneVCodeServ { &mut RbumCertAddReq { ak: TrimString(add_req.phone.to_string()), sk: None, + sk_invisible: None, + kind: None, supplier: None, vcode: Some(TrimString(vcode.clone())), @@ -132,6 +134,8 @@ impl IamCertPhoneVCodeServ { &mut RbumCertModifyReq { ak: Some(TrimString(modify_req.phone.to_string())), sk: None, + sk_invisible: None, + ext: None, start_time: None, end_time: None, @@ -189,6 +193,8 @@ impl IamCertPhoneVCodeServ { &mut RbumCertAddReq { ak: TrimString(add_req.phone.to_string()), sk: None, + sk_invisible: None, + kind: None, supplier: None, vcode: Some(TrimString(vcode.clone())), @@ -249,6 +255,8 @@ impl IamCertPhoneVCodeServ { status: Some(RbumCertStatusKind::Enabled), ak: None, sk: None, + sk_invisible: None, + is_ignore_check_sk: false, ext: None, start_time: None, @@ -294,6 +302,7 @@ impl IamCertPhoneVCodeServ { &mut RbumCertAddReq { ak: TrimString(phone.trim().to_string()), sk: None, + sk_invisible: None, kind: None, supplier: None, vcode: Some(TrimString(input_vcode.to_string())), diff --git a/support/iam/src/basic/serv/iam_cert_serv.rs b/support/iam/src/basic/serv/iam_cert_serv.rs index 9d40f745a..13608fcc3 100644 --- a/support/iam/src/basic/serv/iam_cert_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_serv.rs 
@@ -2,12 +2,13 @@ use bios_basic::helper::request_helper::{add_ip, get_remote_ip}; use bios_basic::process::task_processor::TaskProcessor; use bios_basic::rbum::dto::rbum_rel_agg_dto::RbumRelAggAddReq; use bios_basic::rbum::serv::rbum_rel_serv::RbumRelServ; -use std::collections::HashMap; +use std::collections::{HashMap, HashSet}; use std::sync::Arc; use std::time::Duration; use tardis::basic::dto::TardisContext; use tardis::basic::field::TrimString; use tardis::basic::result::TardisResult; +use tardis::futures_util::future::join_all; use tardis::tokio::sync::Mutex; use tardis::web::web_resp::TardisPage; @@ -282,6 +283,7 @@ impl IamCertServ { id: kernel_cert.id, ak: kernel_cert.ak, sk: now_sk, + sk_invisible: kernel_cert.sk_invisible, ext: kernel_cert.ext, conn_uri: kernel_cert.conn_uri, start_time: kernel_cert.start_time, @@ -454,6 +456,7 @@ impl IamCertServ { &mut RbumCertAddReq { ak: TrimString(add_req.ak.trim().to_string()), sk: add_req.sk.as_ref().map(|sk| TrimString(sk.trim().to_string())), + sk_invisible: add_req.sk_invisible, kind: Some(IamCertExtKind::ThirdParty.to_string()), supplier: Some(add_req.supplier.clone()), vcode: None, @@ -482,6 +485,7 @@ impl IamCertServ { ext: modify_req.ext.clone(), ak: Some(TrimString(modify_req.ak.trim().to_string())), sk: Some(TrimString(modify_req.sk.clone().unwrap_or_default())), + sk_invisible: modify_req.sk_invisible, is_ignore_check_sk: false, start_time: None, end_time: None, @@ -502,6 +506,8 @@ impl IamCertServ { ext: Some(ext.to_string()), ak: None, sk: None, + sk_invisible: None, + is_ignore_check_sk: false, start_time: None, end_time: None, @@ -550,6 +556,7 @@ impl IamCertServ { &mut RbumCertAddReq { ak: TrimString(add_req.ak.trim().to_string()), sk: add_req.sk.as_ref().map(|sk| TrimString(sk.trim().to_string())), + sk_invisible: None, kind: Some(IamCertExtKind::ThirdParty.to_string()), supplier: add_req.supplier.clone(), vcode: None, 
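Review bot: In hunk `@@ -282,6 +283,7 @@` the response still carries `sk: now_sk` in plaintext next to the new `sk_invisible: kernel_cert.sk_invisible`, whereas the two lookups changed at `@@ -675,10 +684,12 @@` and `@@ -746,10 +757,12 @@` pass the secret through `encode_cert` first. If this path can return certs marked invisible, the flag is reported but not honoured here. Before the struct literal I would add `let encoded_sk = encode_cert(&kernel_cert.id, now_sk, kernel_cert.sk_invisible, funs, ctx)?;` (using whichever context this function holds) and return `sk: encoded_sk`. The enclosing function starts and ends outside the hunk, so confirm how `now_sk` is produced.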
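Review bot: In hunk `@@ -482,6 +485,7 @@` the modify path still writes `modify_req.sk.clone().unwrap_or_default()` as the new secret, while the read paths in this patch now return the reference `"{id}/sk"` in the `sk` field for invisible certs. A client that loads such a cert and saves it back unchanged would presumably overwrite the stored secret with the reference string. The modify path should recognise that case and leave the secret untouched, for instance by mapping an `sk` equal to `format!("{id}/sk")` to `None`, and a comment on the field should state the rule. The enclosing function is only partly visible in the hunk.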
@@ -629,7 +636,9 @@ impl IamCertServ { id: ext_cert.id, ak: if is_ldap { IamCertLdapServ::dn_to_cn(&ext_cert.ak) } else { ext_cert.ak }, sk: "".to_string(), + sk_invisible: ext_cert.sk_invisible, ext: ext_cert.ext, + conn_uri: ext_cert.conn_uri, start_time: ext_cert.start_time, end_time: ext_cert.end_time, @@ -675,10 +684,12 @@ impl IamCertServ { .await?; if let Some(ext_cert) = ext_cert { let now_sk = RbumCertServ::show_sk(ext_cert.id.as_str(), &RbumCertFilterReq::default(), funs, ctx).await?; + let encoded_sk = encode_cert(&ext_cert.id, now_sk, ext_cert.sk_invisible, funs, ctx)?; Ok(RbumCertSummaryWithSkResp { id: ext_cert.id, ak: ext_cert.ak, - sk: now_sk, + sk: encoded_sk, + sk_invisible: ext_cert.sk_invisible, ext: ext_cert.ext, conn_uri: ext_cert.conn_uri, start_time: ext_cert.start_time, @@ -746,10 +757,12 @@ impl IamCertServ { .await?; if let Some(ext_cert) = ext_cert { let now_sk = RbumCertServ::show_sk(ext_cert.id.as_str(), &RbumCertFilterReq::default(), funs, &mock_ctx).await?; + let encoded_sk = encode_cert(&ext_cert.id, now_sk, ext_cert.sk_invisible, funs, &mock_ctx)?; + // let encoded_sk = now_sk; Ok(RbumCertSummaryWithSkResp { id: ext_cert.id, ak: ext_cert.ak, - sk: now_sk, + sk: encoded_sk, ext: ext_cert.ext, start_time: ext_cert.start_time, end_time: ext_cert.end_time, @@ -766,6 +779,7 @@ impl IamCertServ { create_time: ext_cert.create_time, update_time: ext_cert.update_time, conn_uri: ext_cert.conn_uri, + sk_invisible: ext_cert.sk_invisible, }) } else { Err(funs.err().not_found( 
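Review bot: From hunk `@@ -675,10 +684,12 @@` on, the `sk` field of `RbumCertSummaryWithSkResp` holds either the real secret or the `"{id}/sk"` reference, and only `sk_invisible` tells a consumer which one it received. That contract is not documented anywhere in the visible hunks; a comment at the call site such as `// sk is a "<cert id>/sk" reference, not the secret, when sk_invisible is set` would stop callers from using the reference as a credential. The same applies to `@@ -746,10 +757,12 @@`, which also leaves the commented-out `// let encoded_sk = now_sk;` behind. That line should be deleted so it cannot be re-enabled by accident to bypass the masking.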
@@ -1443,4 +1457,63 @@ impl IamCertServ { } result } + + pub async fn batch_decode_cert(codes: HashSet, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult> { + let batch_result = join_all(codes.into_iter().filter_map(|code| { + if let Some((id, "sk")) = code.split_once('/') { + let id = id.to_owned(); + Some(async move { + let Ok(rels) = IamRelServ::find_rels( + &RbumRelFilterReq { + basic: RbumBasicFilterReq { + own_paths: Some("".to_string()), + with_sub_own_paths: true, + ignore_scope: true, + ..Default::default() + }, + tag: Some(IamRelKind::IamCertRel.to_string()), + from_rbum_id: Some(id.to_string()), + to_own_paths: Some(ctx.own_paths.clone()), + ..Default::default() + }, + None, + None, + funs, + ctx, + ) + .await else { + return None; + }; + let mut mock_ctx = TardisContext { ..ctx.clone() }; + if let Some(rel) = rels.first() { + mock_ctx.own_paths = rel.rel.own_paths.clone() + } + let Ok(sk) = RbumCertServ::show_sk(&id, &RbumCertFilterReq::default(), funs, &mock_ctx).await else { + return None; + }; + Some((id, sk)) + }) + } else { + None + } + })) + .await + .into_iter() + .fold(HashMap::default(), |mut map, output| { + if let Some((id, sk)) = output { + map.insert(id, sk); + } + map + }); + Ok(batch_result) + } +} + +fn encode_cert(id: &str, sk: String, invisible: bool, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { + if invisible { + let key = format!("{id}/sk"); + Ok(key) + } else { + Ok(sk) + } } diff --git a/support/iam/src/basic/serv/iam_cert_user_pwd_serv.rs b/support/iam/src/basic/serv/iam_cert_user_pwd_serv.rs index 1e851eaf3..d79a436ba 100644 --- a/support/iam/src/basic/serv/iam_cert_user_pwd_serv.rs +++ b/support/iam/src/basic/serv/iam_cert_user_pwd_serv.rs @@ -147,6 +147,8 @@ impl IamCertUserPwdServ { &mut RbumCertAddReq { ak: add_req.ak.clone(), sk: Some(add_req.sk.clone()), + sk_invisible: None, + is_ignore_check_sk: add_req.is_ignore_check_sk, kind: None, supplier: None, 
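Review bot: `batch_decode_cert` calls `RbumCertServ::show_sk` for any id that parses as `"<id>/sk"`, and before that it replaces `mock_ctx.own_paths` with the owner path of the first relation found, so the reference string itself proves nothing and access rests entirely on the `find_rels` filter and on `show_sk`. Neither the relation-based context switch nor the fallback to the caller's own context when `rels` is empty is explained. A comment like `// the cert is shared to the caller's own_paths through IamCertRel; read it as its owner` would make the intended authorization rule reviewable. The function also never checks that the cert is one marked `sk_invisible`, and both `let Ok(..) else { return None; }` branches drop the error, so a denied or failed lookup is indistinguishable from a missing code and leaves no trace. The error should be recorded before returning `None`. Separately, `encode_cert` never fails and ignores `funs` and `ctx`, so it could return `String` and take only `id`, `sk` and `invisible`.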
@@ -196,6 +198,7 @@ impl IamCertUserPwdServ { &mut RbumCertModifyReq { ak: None, sk: None, + sk_invisible: None, is_ignore_check_sk: false, ext: None, start_time: None, @@ -261,6 +264,8 @@ impl IamCertUserPwdServ { &mut RbumCertModifyReq { ak: Some(modify_req.new_ak.clone()), sk: Some(modify_req.sk.clone()), + sk_invisible: None, + is_ignore_check_sk: true, ext: None, start_time: None, @@ -313,6 +318,8 @@ impl IamCertUserPwdServ { &mut RbumCertModifyReq { ak: None, sk: None, + sk_invisible: None, + is_ignore_check_sk: false, ext: None, start_time: None, @@ -379,6 +386,8 @@ impl IamCertUserPwdServ { &mut RbumCertModifyReq { ak: None, sk: None, + sk_invisible: None, + is_ignore_check_sk: false, ext: None, start_time: None, diff --git a/support/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs b/support/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs index a4ee9cf67..8b01c9544 100644 --- a/support/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs +++ b/support/iam/src/console_tenant/api/iam_ct_cert_manage_api.rs @@ -1,3 +1,5 @@ +use std::collections::HashMap; + use bios_sdk_invoke::clients::spi_log_client::{LogDynamicContentReq, SpiLogClient}; use tardis::web::context_extractor::TardisContextExtractor; use tardis::web::poem_openapi; @@ -9,7 +11,7 @@ use bios_basic::rbum::dto::rbum_cert_dto::{RbumCertDetailResp, RbumCertSummaryWi use bios_basic::rbum::dto::rbum_filer_dto::RbumCertFilterReq; use bios_basic::rbum::dto::rbum_rel_dto::RbumRelBoneResp; -use crate::basic::dto::iam_cert_dto::{IamCertManageAddReq, IamCertManageModifyReq}; +use crate::basic::dto::iam_cert_dto::{IamCertDecodeRequest, IamCertManageAddReq, IamCertManageModifyReq}; use crate::basic::serv::iam_cert_serv::IamCertServ; use crate::iam_constants; use crate::iam_enumeration::IamCertExtKind; 
@@ -216,4 +218,14 @@ impl IamCtCertManageApi { ctx.execute_task().await?; TardisResp::ok(rbum_certs) } + + /// decode cert + #[oai(path = "/decode", method = "post")] + async fn decode_certs(&self, body: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { + let funs = iam_constants::get_tardis_inst(); + let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; + add_remote_ip(request, &ctx).await?; + let doceded = IamCertServ::batch_decode_cert(body.0.codes, &funs, &ctx).await?; + TardisResp::ok(doceded) + } } diff --git a/support/iam/src/iam_initializer.rs b/support/iam/src/iam_initializer.rs index e117d4a52..cdc8c8a72 100644 --- a/support/iam/src/iam_initializer.rs +++ b/support/iam/src/iam_initializer.rs @@ -143,12 +143,12 @@ pub async fn init_db(mut funs: TardisFunsInst) -> TardisResult TardisResult> { Ok(LifeHold { ldap: ldap_container }) } -fn get_ldap_container<'a>(docker: &'a Cli) -> Container<'a, GenericImage> { +fn get_ldap_container(docker: &Cli) -> Container<'_, GenericImage> { const ORGANISATION: &str = "test"; const ADMIN_PASSWORD: &str = "123456"; let domain: String = format!("{}.com", ORGANISATION); diff --git a/support/iam/tests/test_cc_cert.rs b/support/iam/tests/test_cc_cert.rs index fc6d4f763..4072ffc95 100644 --- a/support/iam/tests/test_cc_cert.rs +++ b/support/iam/tests/test_cc_cert.rs @@ -194,6 +194,7 @@ async fn test_single_level(context: &TardisContext, ak: &str, another_context: & supplier: pwd_supplier.to_string(), ext: Some("测试用户名/密码".to_string()), conn_uri: None, + sk_invisible: None, }, &funs, another_context, @@ -207,6 +208,7 @@ async fn test_single_level(context: &TardisContext, ak: &str, another_context: & supplier: visa_supplier.to_string(), ext: Some("测试用户名/证书".to_string()), conn_uri: None, + sk_invisible: None, }, &funs, another_context,
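Review bot: `decode_certs` in hunk `@@ -216,4 +218,14 @@` returns plaintext secret keys but writes no audit record in the visible lines, although this file imports `SpiLogClient`. An endpoint that reveals secrets should log who requested which cert ids, never the secrets themselves. The handler shown just above it ends with `ctx.execute_task().await?` before responding and this one does not, so if `add_remote_ip` queues work on the context that call is presumably missing here too. The doc comment `/// decode cert` would be clearer as `/// Resolve "<cert id>/sk" reference codes into their secret keys for certs visible to the caller.`, and the local `doceded` is a typo for `decoded`.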