Merge branch 'main' of https://github.com/ideal-world/bios

.vscode/extensions.json

@@ -8,6 +8,8 @@
     "vadimcn.vscode-lldb",
     "swellaby.vscode-rust-test-adapter",
     "itsyaasir.rust-feature-toggler",
-    "zhangyue.rust-mod-generator"
+    "zhangyue.rust-mod-generator",
+    "streetsidesoftware.code-spell-checker",
+    "usernamehw.errorlens"
   ]
 }

Cargo.toml

@@ -73,11 +73,13 @@ tardis = { git = "https://github.com/ideal-world/tardis.git", rev = "191f3ec" }
 #   "cache",
 #   "k8s",
 #   "ext-redis",
+#   "ext-axum",
 # ] }
-spacegate-shell = { git = "https://github.com/ideal-world/spacegate.git", branch = "master", features = [
+spacegate-shell = { git = "https://github.com/ideal-world/spacegate.git", branch = "dev", features = [
   "cache",
   "k8s",
   "ext-redis",
+  "ext-axum",
 ] }
 
 spacegate-plugin = { git = "https://github.com/ideal-world/spacegate.git", branch = "master" }

README.md

@@ -0,0 +1,52 @@
+**WIP**
+
+# BIOS(Business Informatization OS)
+
+[中文](README_CN.md)   [English](README.md)
+
+> For computers, BIOS (Basic Input/Output System) is the foundation for loading and running the operating system. It abstracts hardware access and serves as a critical link between hardware and software.
+> For enterprises, we also hope to have a similar system that provides basic capabilities for upper-level business applications and abstracts the access of mainstream cloud services, providing a consistent access interface.
+
+In a nutshell, BIOS is a **stable**, **secure**, **lightweight**, and **extensible** technology platform that empowers enterprises to achieve digital transformation.
+
+## Ability Layering
+
+![architecture](architecture.png)
+
+The vast majority of `BIOS` functionalities are written in the ``Rust`` language and rely on the ``Tardis``(https://github.com/ideal-world/tardis) framework maintained by the same group of contributors.
+
+From the bottom to the top, ``BIOS`` is divided into five layers: **RBUM**, **SPI**, **Middleware**, **Support**, and **FaaS**.
+
+* **RBUM** (Resource-Based Unified Model) is a unified model based on resources. The model provides upper-level operations with `unified basic operations, unified credential management, and unified access control`.
+
+* **SPI** (Service Provider Interface) provides abstractions for commonly used basic operations to adapt to mainstream middleware/cloud services. For example, we provide the `full-text search` operation, which adapts to `PostgreSql` and `ElasticSearch` and can be further extended to other implementations.
+
+* **Middleware** provides some commonly used middleware. Different from the `SPI` layer, these middleware do not consider adaptability, thus gaining greater flexibility and freedom, and can be used to build some special features. For example, we provide the `event service`, which is based on the `Websocket` protocol and implements event penetration between the front and back ends and between the back and back ends.
+
+* **Support** is used to provide some complex domain services. Different from the `Middleware` layer, these supporting services aggregate the capabilities of `SPI` and `Middleware` to form more complex business-oriented services.
+
+* **FaaS** is used to implement the construction of general business applications with simple front-end technologies.
+
+All of these layers are optional. They are `libraries` and do not contain executable `services`. We use a special `aggregation service` layer to aggregate different capabilities into the required services. In actual use, we can select the required capabilities to build customized services that meet our own needs.
+
+In terms of gateway selection, we support the self-developed gateway named `SpaceGate` ([https://github.com/ideal-world/spacegate](https://github.com/ideal-world/spacegate)) by default to better integrate with `BIOS`.
+
+
+## Directory Structure
+
+```
+|-- backend
+  |-- basic                 Basic operation module, including common logic of RBUM and SPI
+  |-- spi                   SPI layer
+  |-- middleware            Middleware layer
+  |-- support               Support layer
+  |-- faas                  FaaS layer
+  |-- services              Aggregation service layer
+  |-- gateway               Gateway adaptation layer
+    |-- spacegate-plugins   Customized plugins for SpaceGate gateway
+|-- frontend
+  |-- console               Console front-end
+  |-- sdks                  Interface encapsulation and operation client
+|-- examples                Usage examples
+|-- docs                    Documentation
+```

README_CN.md

@@ -0,0 +1,51 @@
+**WIP**
+
+# BIOS(Business Informatization OS)业务信息化操作系统
+
+[中文](README_CN.md)   [English](README.md)
+
+> 对于计算机而言，``BIOS``(Basic Input/Output System)是操作系统加载和运行的基础，它抽象了硬件访问，是连接硬件和软件的关键纽带。
+> 对于企业而言，我们也希望能够有一个类似的系统，为上层的业务应用提供基础的能力，并且抽象各主流云服务的接入，提供一致性的访问接口。
+
+一言以蔽之：BIOS是一套**稳定**、**安全**、**轻量**、**可扩展**的技术平台，用于助力实现企业的数字化转型。
+
+## 能力分层
+
+![architecture](architecture.png)
+
+``BIOS``绝大部分功能由``Rust``语言编写，依赖于由同一批贡献者维护的``Tardis``(https://github.com/ideal-world/tardis)框架。
+
+``BIOS``从底层到上层分为**RBUM**、**SPI**、**Middleware**、**Support**、**FaaS**五个层次。
+
+* **RBUM**(Resource-Based Unified Model)基于资源的统一模型。该模型为上层操作提供了``统一的基础操作、统一的凭证管理、统一的访问控制``等能力。
+
+* **SPI**(Service Provider Interface)，提供了常用的基础操作抽象，以适配主流的中间件/云服务。比如我们提供了``全文搜索``操作，它适配了``PostgreSql``与``ElasticSearch``并且可以再扩展其它的实现。
+
+* **Middleware**，提供了一些常用的中间件。与``SPI``层不同，这些中间件并不考虑适配性，以此获得更大的灵活性与自由度，可用于构建一些特色能力。比如我们提供了``事件服务``，它基于``Websocket``协议，实现了前端与后端、后端与后端间的事件穿透。
+
+* **Support**，用于提供一些复杂的领域服务。与``Middleware``层不同，这些支撑服务聚合了``SPI``、``Middleware``的能力，形成了更为复杂的面向业务的服务。
+
+* **FaaS**，用于实现以简单的前端技术构建通用业务应用。
+
+所有的这些层次都是可选的，它们是``类库``，并不包含可运行的``服务``。我们通过一个特殊的**聚合服务**层用于将不同的能力聚合成需要的服务。在实际使用中，我们可以选择需要的能力以构建出符合自己需求的定制化的服务。
+
+在网关的选择上，我们默认支持自研的名为``SpaceGate``(https://github.com/ideal-world/spacegate)的网关，以更好的与``BIOS``整合。
+
+## 目录结构
+
+```
+|-- backend
+  |-- basic                 基础操作模块，包含了RBUM及SPI的公共逻辑
+  |-- spi                   SPI层
+  |-- middleware            Middleware层
+  |-- support               Support层
+  |-- faas                  FaaS层
+  |-- services              聚合服务层
+  |-- gateway               网关适配层
+    |-- spacegate-plugins   SpaceGate网关的定制插件
+|-- frontend
+  |-- console               控制台前端 
+  |-- sdks                  各类接口封装及操作客户端
+|-- examples                使用示例
+|-- docs                    文档
+```

basic/src/helper/bios_ctx_helper.rs

@@ -15,10 +15,14 @@ where
     let bios_ctx = if let Some(bios_ctx) = request.header(&funs.rbum_head_key_bios_ctx()).or_else(|| request.header(&funs.rbum_head_key_bios_ctx().to_lowercase())) {
         TardisFuns::json.str_to_obj::<TardisContext>(&TardisFuns::crypto.base64.decode_to_string(bios_ctx)?)?
     } else {
-        return Err(TardisError::unauthorized(
-            &format!("[Basic] Request is not legal, missing header [{}]", funs.rbum_head_key_bios_ctx()),
-            "401-auth-req-ak-not-exist",
-        ));
+        if ctx.owner.is_empty() && ctx.ak.is_empty() && ctx.own_paths.is_empty() && ctx.roles.is_empty() && ctx.groups.is_empty() {
+            return Err(TardisError::unauthorized(
+                &format!("[Basic] Request is not legal, missing header [{}]", funs.rbum_head_key_bios_ctx()),
+                "401-auth-req-ak-not-exist",
+            ));
+        } else {
+            return Ok(());
+        }
     };
 
     if bios_ctx.own_paths.contains(&ctx.own_paths) {

basic/src/rbum/dto/rbum_cert_dto.rs

@@ -37,7 +37,7 @@ pub struct RbumCertAddReq {
     pub is_outside: bool,
 }
 
-#[derive(Serialize, Deserialize, Debug)]
+#[derive(Serialize, Deserialize, Debug, Default)]
 #[cfg_attr(feature = "default", derive(poem_openapi::Object))]
 pub struct RbumCertModifyReq {
     #[cfg_attr(feature = "default", oai(validator(min_length = "2", max_length = "2000")))]

basic/src/rbum/serv/rbum_cert_serv.rs

@@ -443,12 +443,15 @@ impl RbumCrudOperation<rbum_cert::ActiveModel, RbumCertAddReq, RbumCertModifyReq
                 }
             }
             // Fill Time
-            if let Some(start_time) = &add_req.start_time {
-                add_req.end_time = Some(*start_time + Duration::try_seconds(rbum_cert_conf.expire_sec).unwrap_or(TimeDelta::max_value()));
-            } else {
-                let now = Utc::now();
-                add_req.start_time = Some(now);
-                add_req.end_time = Some(now + Duration::try_seconds(rbum_cert_conf.expire_sec).unwrap_or(TimeDelta::max_value()));
+            if add_req.end_time.is_none() {
+                if let Some(start_time) = &add_req.start_time {
+                    add_req.end_time = Some(*start_time + Duration::try_seconds(rbum_cert_conf.expire_sec).unwrap_or(TimeDelta::max_value()));
+                } else {
+                    add_req.end_time = Some(Utc::now() + Duration::try_seconds(rbum_cert_conf.expire_sec).unwrap_or(TimeDelta::max_value()));
+                }
+            }
+            if add_req.start_time.is_none() {
+                add_req.start_time = Some(Utc::now());
             }
             if rbum_cert_conf.sk_dynamic {
                 add_req.end_time = None;

gateway/spacegate-lib/src/extension.rs

@@ -1,4 +1,37 @@
+use http::Extensions;
+use spacegate_shell::{kernel::extension::ExtensionPack as _, BoxError};
+use tardis::serde_json::{self, Value};
+
+use self::audit_log_param::LogParamContent;
+
 pub mod audit_log_param;
 pub mod before_encrypt_body;
 pub mod cert_info;
 pub mod request_crypto_status;
+
+pub enum ExtensionPackEnum {
+    LogParamContent(),
+    None,
+}
+
+impl From<String> for ExtensionPackEnum {
+    fn from(value: String) -> Self {
+        match value.as_str() {
+            "log_content" => ExtensionPackEnum::LogParamContent(),
+            _ => ExtensionPackEnum::None,
+        }
+    }
+}
+impl ExtensionPackEnum {
+    pub fn to_value(&self, ext: &Extensions) -> Result<Option<Value>, BoxError> {
+        match self {
+            ExtensionPackEnum::LogParamContent() => {
+                if let Some(ext) = LogParamContent::get(ext) {
+                    return Ok(Some(serde_json::to_value(ext)?));
+                }
+            }
+            ExtensionPackEnum::None => (),
+        }
+        Ok(None)
+    }
+}