diff --git a/basic/src/helper/bios_ctx_helper.rs b/basic/src/helper/bios_ctx_helper.rs index 1483eb5b3..1d2631a1a 100644 --- a/basic/src/helper/bios_ctx_helper.rs +++ b/basic/src/helper/bios_ctx_helper.rs @@ -5,28 +5,28 @@ use tardis::{ TardisFuns, TardisFunsInst, }; -pub async fn unsafe_fill_ctx(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { +fn unsafe_check_ctx(request: &Request, f: F, check: bool, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> +where + F: FnOnce(TardisContext, &mut TardisContext), +{ + if check && !ctx.owner.is_empty() { + return Ok(()); + } let bios_ctx = if let Some(bios_ctx) = request.header(&funs.rbum_head_key_bios_ctx()).or_else(|| request.header(&funs.rbum_head_key_bios_ctx().to_lowercase())) { TardisFuns::json.str_to_obj::(&TardisFuns::crypto.base64.decode_to_string(bios_ctx)?)? } else { - return Err(TardisError::unauthorized( - &format!("[Basic] Request is not legal, missing header [{}]", funs.rbum_head_key_bios_ctx()), - "401-auth-req-ak-not-exist", - )); + if ctx.owner.is_empty() && ctx.ak.is_empty() && ctx.own_paths.is_empty() && ctx.roles.is_empty() && ctx.groups.is_empty() { + return Err(TardisError::unauthorized( + &format!("[Basic] Request is not legal, missing header [{}]", funs.rbum_head_key_bios_ctx()), + "401-auth-req-ak-not-exist", + )); + } else { + return Ok(()); + } }; if bios_ctx.own_paths.contains(&ctx.own_paths) { - let mut roles = bios_ctx.roles.clone(); - for role in bios_ctx.roles.clone() { - if role.contains(':') { - let extend_role = role.split(':').collect::>()[0]; - roles.push(extend_role.to_string()); - } - } - ctx.owner = bios_ctx.owner.clone(); - ctx.roles = roles; - ctx.groups = bios_ctx.groups; - ctx.own_paths = bios_ctx.own_paths; + f(bios_ctx, ctx); Ok(()) } else { 
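Review bot: In `unsafe_check_ctx`, the new missing-header branch returns `Ok(())` as soon as any one of `owner`, `ak`, `own_paths`, `roles` or `groups` is already set on `ctx`, so a request without the BIOS context header is no longer rejected with 401 and the handler proceeds on whatever was in `ctx` beforehand. The `check` early return (`if check && !ctx.owner.is_empty()`) also returns before the header is read, so the `own_paths` containment test is skipped for those callers. If this relaxation is intended, record the trust assumption in a doc comment on the function, for example `/// Accepts a pre-populated ctx when the header is absent; only call this behind a component that sets or strips the header.`; otherwise keep the unconditional `TardisError::unauthorized` for the missing-header case. The function's closing lines fall in the next hunk.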
@@ -36,3 +36,103 @@ pub async fn unsafe_fill_ctx(request: &Request, funs: &TardisFunsInst, ctx: &mut )) } } + +// xxx_check_own function will check the owner is empty or not. +pub fn check_own_fill_ctx(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { + unsafe_check_ctx( + request, + |bios_ctx, ctx| { + let mut roles = bios_ctx.roles.clone(); + for role in bios_ctx.roles.clone() { + if role.contains(':') { + let extend_role = role.split(':').collect::>()[0]; + roles.push(extend_role.to_string()); + } + } + ctx.owner = bios_ctx.owner.clone(); + ctx.roles = roles; + ctx.groups = bios_ctx.groups; + ctx.own_paths = bios_ctx.own_paths; + }, + true, + funs, + ctx, + ) +} + +pub fn unsafe_fill_ctx(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { + unsafe_check_ctx( + request, + |bios_ctx, ctx| { + let mut roles = bios_ctx.roles.clone(); + for role in bios_ctx.roles.clone() { + if role.contains(':') { + let extend_role = role.split(':').collect::>()[0]; + roles.push(extend_role.to_string()); + } + } + ctx.owner = bios_ctx.owner.clone(); + ctx.roles = roles; + ctx.groups = bios_ctx.groups; + ctx.own_paths = bios_ctx.own_paths; + }, + false, + funs, + ctx, + ) +} + +pub fn unsfae_fill_owner_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { + unsafe_check_ctx( + request, + |bios_ctx, ctx| { + ctx.owner = bios_ctx.owner.clone(); + }, + false, + funs, + ctx, + ) +} + +pub fn unsfae_fill_own_paths_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { + unsafe_check_ctx( + request, + |bios_ctx, ctx| { + ctx.own_paths = bios_ctx.own_paths; + }, + false, + funs, + ctx, + ) +} + +pub fn unsfae_fill_roles_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { + unsafe_check_ctx( + request, + |bios_ctx, ctx| { + let mut roles = bios_ctx.roles.clone(); + for role in 
bios_ctx.roles.clone() { + if role.contains(':') { + let extend_role = role.split(':').collect::>()[0]; + roles.push(extend_role.to_string()); + } + } + ctx.roles = roles; + }, + false, + funs, + ctx, + ) +} + +pub fn unsfae_fill_groups_only(request: &Request, funs: &TardisFunsInst, ctx: &mut TardisContext) -> TardisResult<()> { + unsafe_check_ctx( + request, + |bios_ctx, ctx| { + ctx.groups = bios_ctx.groups; + }, + false, + funs, + ctx, + ) +} diff --git a/gateway/spacegate-lib/src/marker.rs b/gateway/spacegate-lib/src/marker.rs index e69de29bb..8b1378917 100644 --- a/gateway/spacegate-lib/src/marker.rs +++ b/gateway/spacegate-lib/src/marker.rs @@ -0,0 +1 @@ + diff --git a/gateway/spacegate-lib/src/plugin.rs b/gateway/spacegate-lib/src/plugin.rs index 99fe954c1..865bb4a7b 100644 --- a/gateway/spacegate-lib/src/plugin.rs +++ b/gateway/spacegate-lib/src/plugin.rs @@ -3,4 +3,4 @@ pub mod anti_xss; pub mod audit_log; pub mod auth; pub mod ip_time; -pub mod rewrite_ns_b_ip; \ No newline at end of file +pub mod rewrite_ns_b_ip; diff --git a/gateway/spacegate-lib/src/plugin/auth.rs b/gateway/spacegate-lib/src/plugin/auth.rs index d836c1a7e..2c71808a7 100644 --- a/gateway/spacegate-lib/src/plugin/auth.rs +++ b/gateway/spacegate-lib/src/plugin/auth.rs @@ -461,6 +461,10 @@ fn success_auth_result_to_req(auth_result: AuthResult, config: &AuthConfig, req: let auth_resp: AuthResp = auth_result.into(); parts.headers.extend(hashmap_header_to_headermap(auth_resp.headers.clone())?); if let Some(new_body) = auth_resp.body { + parts.headers.insert( + header::CONTENT_LENGTH, + HeaderValue::from_str(&format!("{}", new_body.as_bytes().len())).map_err(|e| TardisError::format_error(&format!("[SG.Filter.Auth] error parse str :{e}"), ""))?, + ); body = SgBody::full(new_body); }; Ok(Request::from_parts(parts, body)) diff --git a/gateway/spacegate-lib/src/plugin/auth/tests.rs b/gateway/spacegate-lib/src/plugin/auth/tests.rs index 5895cb55c..759353a30 100644 
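Review bot: Four of the new public helpers are spelled `unsfae_…` (`unsfae_fill_owner_only`, `unsfae_fill_own_paths_only`, `unsfae_fill_roles_only`, `unsfae_fill_groups_only`), so a search for the `unsafe_` prefix that marks the header-trusting helpers will miss them and the typo becomes part of the public API; rename them to `unsafe_fill_owner_only` and so on before callers appear. The role-expansion closure is repeated verbatim in `check_own_fill_ctx`, `unsafe_fill_ctx` and `unsfae_fill_roles_only` and would read better as one private helper, using `role.split(':').next()` instead of collecting into a vector and indexing `[0]`. `unsafe_fill_ctx` also changes from `pub async fn` to `pub fn`, so any existing caller that awaits it (none are visible in this hunk) would stop compiling. Each function should get a `///` line naming the `ctx` fields it overwrites from the header, since the one existing comment (`xxx_check_own function will check the owner is empty or not`) does not say what happens when the owner is already set.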
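Review bot: When the auth response replaces the body, `Content-Length` is rewritten but a `Transfer-Encoding` header still present on `parts.headers` is not cleared, so a chunked request could go upstream carrying both framing headers, an ambiguity that intermediaries and backends may resolve differently. Adding `parts.headers.remove(header::TRANSFER_ENCODING);` next to the insert closes that, assuming nothing earlier in the pipeline already strips it (not visible here). The length can also be set infallibly with `parts.headers.insert(header::CONTENT_LENGTH, HeaderValue::from(new_body.as_bytes().len()));`, which removes the `format!` round trip and the `error parse str` mapping that cannot fire for a decimal number. `success_auth_result_to_req` starts above the hunk and its closing brace is below it.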
--- a/gateway/spacegate-lib/src/plugin/auth/tests.rs
+++ b/gateway/spacegate-lib/src/plugin/auth/tests.rs
@@ -340,26 +340,26 @@ async fn test_auth_plugin_crypto() { fn crypto_req(body: &str, serv_pub_key: &str, front_pub_key: &str, need_crypto_resp: bool) -> (String, String) { let pub_key = TardisFuns::crypto.sm2.new_public_key_from_public_key(serv_pub_key).unwrap(); - let sm4_key = TardisFuns::crypto.key.rand_16_bytes(); - let sm4_key_hex = TardisFuns::crypto.hex.encode(sm4_key); - let sm4_iv = TardisFuns::crypto.key.rand_16_bytes(); - let sm4_iv_hex = TardisFuns::crypto.hex.encode(sm4_iv); + let sm4_key = TardisFuns::crypto.key.rand_16_hex(); + // let sm4_key_hex = TardisFuns::crypto.hex.encode(sm4_key); + let sm4_iv = TardisFuns::crypto.key.rand_16_hex(); + // let sm4_iv_hex = TardisFuns::crypto.hex.encode(sm4_iv); - let key = TardisFuns::crypto.hex.decode(sm4_key_hex.clone()).unwrap(); - let iv = TardisFuns::crypto.hex.decode(sm4_iv_hex.clone()).unwrap(); + // let key = TardisFuns::crypto.hex.decode(sm4_key_hex.clone()).unwrap(); + // let iv = TardisFuns::crypto.hex.decode(sm4_iv_hex.clone()).unwrap(); - assert_eq!(key.as_slice(), sm4_key); - assert_eq!(iv.as_slice(), sm4_iv); + // assert_eq!(key.as_slice(), sm4_key); + // assert_eq!(iv.as_slice(), sm4_iv); - let data = TardisFuns::crypto.sm4.encrypt_cbc(body, sm4_key, sm4_iv).unwrap(); - assert_eq!(TardisFuns::crypto.sm4.decrypt_cbc(&data, key.as_slice(), iv.as_slice()).unwrap(), body); + let data = TardisFuns::crypto.sm4.encrypt_cbc(body, &sm4_key, &sm4_iv).unwrap(); + assert_eq!(TardisFuns::crypto.sm4.decrypt_cbc(&data, &sm4_key, &sm4_iv).unwrap(), body); let sign_data = TardisFuns::crypto.digest.sm3(&data).unwrap(); let sm4_encrypt = if need_crypto_resp { - pub_key.encrypt(&format!("{sign_data} {sm4_key_hex} {sm4_iv_hex} {front_pub_key}",)).unwrap() + pub_key.encrypt(&format!("{sign_data} {sm4_key} {sm4_iv} {front_pub_key}",)).unwrap() } else { - pub_key.encrypt(&format!("{sign_data} {sm4_key_hex} {sm4_iv_hex}",)).unwrap() + pub_key.encrypt(&format!("{sign_data} {sm4_key} {sm4_iv}",)).unwrap() }; let 
base64_encrypt = TardisFuns::crypto.base64.encode(sm4_encrypt); (data, base64_encrypt) diff --git a/gateway/spacegate-lib/tests/export_schemas.rs b/gateway/spacegate-lib/tests/export_schemas.rs index 1bf3f37c6..4b8ff4f5b 100644 --- a/gateway/spacegate-lib/tests/export_schemas.rs +++ b/gateway/spacegate-lib/tests/export_schemas.rs @@ -19,8 +19,7 @@ macro_rules! export_plugins { #[test] fn export_schema() { use spacegate_lib::plugin::{ - anti_replay::AntiReplayPlugin, anti_xss::AntiXssPlugin, audit_log::AuditLogPlugin, auth::AuthPlugin, ip_time::SgIpTimePlugin, - rewrite_ns_b_ip::RewriteNsPlugin, + anti_replay::AntiReplayPlugin, anti_xss::AntiXssPlugin, audit_log::AuditLogPlugin, auth::AuthPlugin, ip_time::SgIpTimePlugin, rewrite_ns_b_ip::RewriteNsPlugin, }; export_plugins!("schema": AntiReplayPlugin diff --git a/middleware/flow/src/api/cc/flow_cc_inst_api.rs b/middleware/flow/src/api/cc/flow_cc_inst_api.rs index f98cee233..f1e66e677 100644 --- a/middleware/flow/src/api/cc/flow_cc_inst_api.rs +++ b/middleware/flow/src/api/cc/flow_cc_inst_api.rs @@ -1,6 +1,7 @@ use std::collections::HashMap; use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::Request; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::{Path, Query}; use tardis::web::poem_openapi::payload::Json; @@ -21,7 +22,7 @@ pub struct FlowCcInstApi; impl FlowCcInstApi { /// Start Instance / 启动实例 #[oai(path = "/", method = "post")] - async fn start(&self, add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn start(&self, add_req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; let result = FlowInstServ::start(&add_req.0, None, &funs, &ctx.0).await?; 
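Review bot: `crypto_req` now passes the strings from `rand_16_hex()` straight to `encrypt_cbc(body, &sm4_key, &sm4_iv)`, so the SM4 key and IV are the characters of a hex string rather than raw random bytes. If `rand_16_hex` returns 16 hex characters (its definition is not shown here), that is 64 bits of randomness in a 128-bit key; a comment such as `// key and IV are hex text used as bytes; see rand_16_hex for the resulting entropy` would make the choice explicit, or the test could stay on `rand_16_bytes` if the gateway accepts it. The six commented-out lines (`// let sm4_key_hex = …` through `// assert_eq!(iv.as_slice(), sm4_iv);`) should be deleted rather than kept as dead code. The closing brace of `crypto_req` is outside the hunk.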
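Review bot: `start` gains a `_request: &Request` parameter that its body never reads, and the same unused parameter is added to every other handler in this file and in flow_cc_model_api.rs and flow_cc_state_api.rs. If it is a placeholder for a later `check_own_fill_ctx(request, &funs, &mut ctx.0)?` call, either make that call in this commit or leave the signatures alone until it is needed; as written, a reader cannot tell whether a context check was forgotten on these endpoints. At minimum a short comment on each impl, e.g. `// _request is reserved for check_own_fill_ctx and is not used yet`, would record the intent. The body of `start` continues past the end of the hunk.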
@@ -31,7 +32,7 @@ impl FlowCcInstApi { /// Abort Instance / 中止实例 #[oai(path = "/:flow_inst_id", method = "put")] - async fn abort(&self, flow_inst_id: Path, abort_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn abort(&self, flow_inst_id: Path, abort_req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowInstServ::abort(&flow_inst_id.0, &abort_req.0, &funs, &ctx.0).await?; @@ -41,7 +42,7 @@ impl FlowCcInstApi { /// Get Instance By Instance Id / 获取实例信息 #[oai(path = "/:flow_inst_id", method = "get")] - async fn get(&self, flow_inst_id: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn get(&self, flow_inst_id: Path, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let funs = flow_constants::get_tardis_inst(); let result = FlowInstServ::get(&flow_inst_id.0, &funs, &ctx.0).await?; TardisResp::ok(result) @@ -58,6 +59,7 @@ impl FlowCcInstApi { page_number: Query, page_size: Query, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); let result = FlowInstServ::paginate(flow_model_id.0, tag.0, finish.0, with_sub.0, page_number.0, page_size.0, &funs, &ctx.0).await?; @@ -71,6 +73,7 @@ impl FlowCcInstApi { flow_inst_id: Path, next_req: Json, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); let result = FlowInstServ::find_next_transitions(&flow_inst_id.0, &next_req.0, &funs, &ctx.0).await?; @@ -83,6 +86,7 @@ impl FlowCcInstApi { &self, find_req: Json>, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); let result = FlowInstServ::find_state_and_next_transitions(&find_req.0, &funs, &ctx.0).await?; 
@@ -91,7 +95,13 @@ impl FlowCcInstApi { /// Transfer State By State Id / 流转 #[oai(path = "/:flow_inst_id/transition/transfer", method = "put")] - async fn transfer(&self, flow_inst_id: Path, transfer_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn transfer( + &self, + flow_inst_id: Path, + transfer_req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); let mut transfer = transfer_req.0; FlowInstServ::check_transfer_vars(&flow_inst_id.0, &mut transfer, &funs, &ctx.0).await?; @@ -108,6 +118,7 @@ impl FlowCcInstApi { flow_inst_ids: Path, transfer_req: Json, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let mut funs = flow_constants::get_tardis_inst(); let mut result = vec![]; @@ -129,7 +140,13 @@ impl FlowCcInstApi { /// Modify Assigned / 同步执行人信息 #[oai(path = "/:flow_inst_id/transition/modify_assigned", method = "post")] - async fn modify_assigned(&self, flow_inst_id: Path, modify_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn modify_assigned( + &self, + flow_inst_id: Path, + modify_req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowInstServ::modify_assigned(&flow_inst_id.0, &modify_req.0.current_assigned, &funs, &ctx.0).await?; 
@@ -139,7 +156,13 @@ impl FlowCcInstApi { /// Modify list of variables / 同步当前变量列表 #[oai(path = "/:flow_inst_id/modify_current_vars", method = "patch")] - async fn modify_current_vars(&self, flow_inst_id: Path, modify_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn modify_current_vars( + &self, + flow_inst_id: Path, + modify_req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowInstServ::modify_current_vars(&flow_inst_id.0, &modify_req.0.vars, &funs, &ctx.0).await?; diff --git a/middleware/flow/src/api/cc/flow_cc_model_api.rs b/middleware/flow/src/api/cc/flow_cc_model_api.rs index 17fb10cdd..626c14030 100644 --- a/middleware/flow/src/api/cc/flow_cc_model_api.rs +++ b/middleware/flow/src/api/cc/flow_cc_model_api.rs @@ -3,6 +3,7 @@ use std::collections::HashMap; use bios_basic::rbum::dto::rbum_filer_dto::RbumBasicFilterReq; use bios_basic::rbum::serv::rbum_item_serv::RbumItemCrudOperation; use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::Request; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::{Path, Query}; use tardis::web::poem_openapi::payload::Json; @@ -25,7 +26,7 @@ pub struct FlowCcModelApi; impl FlowCcModelApi { /// Add Model / 添加模型 #[oai(path = "/", method = "post")] - async fn add(&self, mut add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn add(&self, mut add_req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; let result = FlowModelServ::add_item(&mut add_req.0, &funs, &ctx.0).await?; 
@@ -35,7 +36,7 @@ impl FlowCcModelApi { /// Modify Model By Model Id / 修改模型 #[oai(path = "/:flow_model_id", method = "patch")] - async fn modify(&self, flow_model_id: Path, mut modify_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn modify(&self, flow_model_id: Path, mut modify_req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::modify_model(&flow_model_id.0, &mut modify_req.0, &funs, &ctx.0).await?; @@ -45,7 +46,7 @@ impl FlowCcModelApi { /// Get Model By Model Id / 获取模型 #[oai(path = "/:flow_model_id", method = "get")] - async fn get(&self, flow_model_id: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn get(&self, flow_model_id: Path, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let funs = flow_constants::get_tardis_inst(); let result = FlowModelServ::get_item_detail_aggs(&flow_model_id.0, &funs, &ctx.0).await?; TardisResp::ok(result) @@ -66,6 +67,7 @@ impl FlowCcModelApi { desc_by_create: Query>, desc_by_update: Query>, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); let result = FlowModelServ::paginate_items( @@ -93,7 +95,13 @@ impl FlowCcModelApi { /// Get Models By Tag And Template Id / 通过Tag和模板Id获取模型 #[oai(path = "/get_models", method = "get")] - async fn get_models(&self, tag_ids: Query, temp_id: Query>, ctx: TardisContextExtractor) -> TardisApiResult> { + async fn get_models( + &self, + tag_ids: Query, + temp_id: Query>, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult> { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; let tag_ids: Vec<_> = tag_ids.split(',').collect(); 
@@ -108,7 +116,7 @@ impl FlowCcModelApi { /// /// 仅在模型没被使用时有效 #[oai(path = "/:flow_model_id", method = "delete")] - async fn delete(&self, flow_model_id: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn delete(&self, flow_model_id: Path, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::delete_item(&flow_model_id.0, &funs, &ctx.0).await?; @@ -118,7 +126,7 @@ impl FlowCcModelApi { /// Bind State By Model Id / 绑定状态 #[oai(path = "/:flow_model_id/bind_state", method = "post")] - async fn bind_state(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn bind_state(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::bind_state(&FlowRelKind::FlowModelState, &flow_model_id.0, &req.0, &funs, &ctx.0).await?; @@ -128,7 +136,7 @@ impl FlowCcModelApi { /// Unbind State By Model Id / 解绑状态 #[oai(path = "/:flow_model_id/unbind_state", method = "post")] - async fn unbind_state(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn unbind_state(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::unbind_state(&FlowRelKind::FlowModelState, &flow_model_id.0, &req, &funs, &ctx.0).await?; 
@@ -138,7 +146,7 @@ impl FlowCcModelApi { /// Resort states / 状态重新排序 #[oai(path = "/:flow_model_id/resort_state", method = "post")] - async fn resort_state(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn resort_state(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::resort_state(&FlowRelKind::FlowModelState, &flow_model_id.0, &req.0, &funs, &ctx.0).await?; @@ -148,7 +156,13 @@ impl FlowCcModelApi { /// Resort transitions / 动作重新排序 #[oai(path = "/:flow_model_id/resort_transition", method = "post")] - async fn resort_transition(&self, flow_model_id: Path, req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn resort_transition( + &self, + flow_model_id: Path, + req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::resort_transition(&flow_model_id.0, &req.0, &funs, &ctx.0).await?; @@ -158,7 +172,12 @@ impl FlowCcModelApi { /// add custom model by template_id / 添加自定义模型 #[oai(path = "/add_custom_model", method = "post")] - async fn add_custom_model(&self, req: Json, ctx: TardisContextExtractor) -> TardisApiResult> { + async fn add_custom_model( + &self, + req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult> { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; let proj_template_id = req.0.proj_template_id.unwrap_or_default(); 
@@ -173,7 +192,13 @@ impl FlowCcModelApi { /// find rel states by model_id / 获取关联状态 #[oai(path = "/find_rel_status", method = "get")] - async fn find_rel_states(&self, tag: Query, rel_template_id: Query>, ctx: TardisContextExtractor) -> TardisApiResult> { + async fn find_rel_states( + &self, + tag: Query, + rel_template_id: Query>, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); let result = FlowModelServ::find_rel_states(tag.0.split(',').collect(), rel_template_id.0, &funs, &ctx.0).await?; @@ -182,7 +207,14 @@ impl FlowCcModelApi { /// modify related state / 编辑关联的状态 #[oai(path = "/:flow_model_id/modify_rel_state/:state_id", method = "patch")] - async fn modify_rel_state(&self, flow_model_id: Path, state_id: Path, req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn modify_rel_state( + &self, + flow_model_id: Path, + state_id: Path, + req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowModelServ::modify_rel_state(&flow_model_id.0, &state_id.0, &req.0, &funs, &ctx.0).await?; diff --git a/middleware/flow/src/api/cc/flow_cc_state_api.rs b/middleware/flow/src/api/cc/flow_cc_state_api.rs index 2266fa5d4..e1f154c1e 100644 --- a/middleware/flow/src/api/cc/flow_cc_state_api.rs +++ b/middleware/flow/src/api/cc/flow_cc_state_api.rs @@ -3,6 +3,7 @@ use bios_basic::rbum::helper::rbum_scope_helper; use bios_basic::rbum::rbum_enumeration::RbumScopeLevelKind; use bios_basic::rbum::serv::rbum_item_serv::RbumItemCrudOperation; use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::Request; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::{Path, Query}; use tardis::web::poem_openapi::payload::Json; 
@@ -22,7 +23,7 @@ pub struct FlowCcStateApi; impl FlowCcStateApi { /// Add State / 添加状态 #[oai(path = "/", method = "post")] - async fn add(&self, mut add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn add(&self, mut add_req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; let result = FlowStateServ::add_item(&mut add_req.0, &funs, &ctx.0).await?; @@ -32,7 +33,7 @@ impl FlowCcStateApi { /// Modify State By State Id / 修改状态 #[oai(path = "/:id", method = "patch")] - async fn modify(&self, id: Path, mut modify_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn modify(&self, id: Path, mut modify_req: Json, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowStateServ::modify_item(&id.0, &mut modify_req.0, &funs, &ctx.0).await?; @@ -42,7 +43,7 @@ impl FlowCcStateApi { /// Get State By State Id / 获取状态 #[oai(path = "/:id", method = "get")] - async fn get(&self, id: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn get(&self, id: Path, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let funs = flow_constants::get_tardis_inst(); let result = FlowStateServ::get_item( &id.0, @@ -79,6 +80,7 @@ impl FlowCcStateApi { desc_by_create: Query>, desc_by_update: Query>, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); @@ -129,7 +131,7 @@ impl FlowCcStateApi { /// /// 仅在状态没被使用时有效 #[oai(path = "/:id", method = "delete")] - async fn delete(&self, id: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn delete(&self, id: Path, ctx: TardisContextExtractor, _request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; FlowStateServ::delete_item(&id.0, &funs, &ctx.0).await?; 
@@ -145,6 +147,7 @@ impl FlowCcStateApi { tag: Query>, app_ids: Query>, ctx: TardisContextExtractor, + _request: &Request, ) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); let resp = FlowStateServ::find_names( @@ -160,7 +163,12 @@ impl FlowCcStateApi { /// Count Group By State / 按状态分组统计 #[oai(path = "/count_group_by_state", method = "post")] - async fn count_group_by_state(&self, req: Json, ctx: TardisContextExtractor) -> TardisApiResult> { + async fn count_group_by_state( + &self, + req: Json, + ctx: TardisContextExtractor, + _request: &Request, + ) -> TardisApiResult> { let mut funs = flow_constants::get_tardis_inst(); funs.begin().await?; let result = FlowStateServ::count_group_by_state(&req.0, &funs, &ctx.0).await?; diff --git a/middleware/flow/src/api/ci.rs b/middleware/flow/src/api/ci.rs index 0ca99f835..1fccedcb3 100644 --- a/middleware/flow/src/api/ci.rs +++ b/middleware/flow/src/api/ci.rs @@ -1 +1,3 @@ pub mod flow_ci_inst_api; +pub mod flow_ci_model_api; +pub mod flow_ci_state_api; \ No newline at end of file diff --git a/middleware/flow/src/api/ci/flow_ci_inst_api.rs b/middleware/flow/src/api/ci/flow_ci_inst_api.rs index 2cf872bf3..da869ddcd 100644 --- a/middleware/flow/src/api/ci/flow_ci_inst_api.rs +++ b/middleware/flow/src/api/ci/flow_ci_inst_api.rs 
@@ -1,10 +1,16 @@ +use std::collections::HashMap; + +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::web::Path; +use tardis::web::poem::Request; use tardis::web::poem_openapi::payload::Json; use tardis::web::poem_openapi::{self, param::Query}; use tardis::web::web_resp::{TardisApiResult, TardisResp, Void}; use tardis::{log, tokio}; -use crate::dto::flow_inst_dto::{FlowInstBatchBindReq, FlowInstBatchBindResp, FlowInstBindReq, FlowInstDetailResp, FlowInstStartReq}; +use crate::dto::flow_external_dto::FlowExternalCallbackOp; +use crate::dto::flow_inst_dto::{FlowInstAbortReq, FlowInstBatchBindReq, FlowInstBatchBindResp, FlowInstBindReq, FlowInstDetailResp, FlowInstFindStateAndTransitionsReq, FlowInstFindStateAndTransitionsResp, FlowInstModifyAssignedReq, FlowInstModifyCurrentVarsReq, FlowInstStartReq, FlowInstTransferReq, FlowInstTransferResp}; use crate::flow_constants; use crate::serv::flow_inst_serv::FlowInstServ; #[derive(Clone)] 
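Review bot: `Path` is imported from `tardis::web::poem::web` here, while `Query` two lines below still comes from `tardis::web::poem_openapi::param` and the cc API files take both from `poem_openapi::param`. Inside a `#[poem_openapi::OpenApi]` impl the plain poem extractor is likely to leave `flow_inst_id` out of the generated schema, so unless that is deliberate the import should be `use tardis::web::poem_openapi::{self, param::{Path, Query}};`. flow_ci_model_api.rs has the same pattern with `tardis::web::poem::web::{Json, Query}`.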
@@ -13,10 +19,137 @@ pub struct FlowCiInstApi; /// Flow Config process API #[poem_openapi::OpenApi(prefix_path = "/ci/inst")] impl FlowCiInstApi { + /// Start Instance / 启动实例 + #[oai(path = "/", method = "post")] + async fn start(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + funs.begin().await?; + let result = FlowInstServ::start(&add_req.0, None, &funs, &ctx.0).await?; + funs.commit().await?; + TardisResp::ok(result) + } + + /// Get Instance By Instance Id / 获取实例信息 + #[oai(path = "/:flow_inst_id", method = "get")] + async fn get(&self, flow_inst_id: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + let funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let result = FlowInstServ::get(&flow_inst_id.0, &funs, &ctx.0).await?; + TardisResp::ok(result) + } + + /// Find the state and transfer information of the specified model in batch / 批量获取指定模型的状态及流转信息 + #[oai(path = "/batch/state_transitions", method = "put")] + async fn find_state_and_next_transitions( + &self, + find_req: Json>, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let result = FlowInstServ::find_state_and_next_transitions(&find_req.0, &funs, &ctx.0).await?; + TardisResp::ok(result) + } + + /// Abort Instance / 中止实例 + #[oai(path = "/:flow_inst_id", method = "put")] + async fn abort(&self, flow_inst_id: Path, abort_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + funs.begin().await?; + FlowInstServ::abort(&flow_inst_id.0, &abort_req.0, &funs, &ctx.0).await?; + funs.commit().await?; + TardisResp::ok(Void {}) + } + + /// 
Transfer State By State Id / 流转 + #[oai(path = "/:flow_inst_id/transition/transfer", method = "put")] + async fn transfer( + &self, + flow_inst_id: Path, + transfer_req: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let mut transfer = transfer_req.0; + FlowInstServ::check_transfer_vars(&flow_inst_id.0, &mut transfer, &funs, &ctx.0).await?; + funs.begin().await?; + let result = FlowInstServ::transfer(&flow_inst_id.0, &transfer, false, FlowExternalCallbackOp::Default, &funs, &ctx.0).await?; + funs.commit().await?; + TardisResp::ok(result) + } + + /// Batch transfer State By State Id / 批量流转 + #[oai(path = "/batch/:flow_inst_ids/transition/transfer", method = "put")] + async fn batch_transfer( + &self, + flow_inst_ids: Path, + transfer_req: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let mut result = vec![]; + let flow_inst_ids: Vec<_> = flow_inst_ids.split(',').collect(); + let raw_transfer_req = transfer_req.0; + let mut flow_inst_id_transfer_map = HashMap::new(); + funs.begin().await?; + for flow_inst_id in &flow_inst_ids { + let mut transfer_req = raw_transfer_req.clone(); + FlowInstServ::check_transfer_vars(flow_inst_id, &mut transfer_req, &funs, &ctx.0).await?; + flow_inst_id_transfer_map.insert(flow_inst_id, transfer_req); + } + for (flow_inst_id, transfer_req) in flow_inst_id_transfer_map { + result.push(FlowInstServ::transfer(flow_inst_id, &transfer_req, false, FlowExternalCallbackOp::Default, &funs, &ctx.0).await?); + } + funs.commit().await?; + TardisResp::ok(result) + } + + /// Modify Assigned / 同步执行人信息 + #[oai(path = "/:flow_inst_id/transition/modify_assigned", method = "post")] + async fn modify_assigned( + &self, + flow_inst_id: Path, + modify_req: Json, + mut ctx: 
TardisContextExtractor, + request: &Request, + ) -> TardisApiResult { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + funs.begin().await?; + FlowInstServ::modify_assigned(&flow_inst_id.0, &modify_req.0.current_assigned, &funs, &ctx.0).await?; + funs.commit().await?; + TardisResp::ok(Void {}) + } + + /// Modify list of variables / 同步当前变量列表 + #[oai(path = "/:flow_inst_id/modify_current_vars", method = "patch")] + async fn modify_current_vars( + &self, + flow_inst_id: Path, + modify_req: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + funs.begin().await?; + FlowInstServ::modify_current_vars(&flow_inst_id.0, &modify_req.0.vars, &funs, &ctx.0).await?; + funs.commit().await?; + TardisResp::ok(Void {}) + } + /// Bind Single Instance / 绑定单个实例 #[oai(path = "/bind", method = "post")] - async fn bind(&self, add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn bind(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let inst_id = FlowInstServ::get_inst_ids_by_rel_business_obj_id(vec![add_req.0.rel_business_obj_id.clone()], &funs, &ctx.0).await?.pop(); let result = if let Some(inst_id) = inst_id { inst_id 
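Review bot: Every handler added here, including the state-changing `abort`, `transfer`, `batch_transfer`, `modify_assigned` and `modify_current_vars`, first calls `unsafe_fill_ctx(request, &funs, &mut ctx.0)?`, which replaces `owner`, `roles`, `groups` and `own_paths` with values decoded from a request header. The only gate in that helper is `bios_ctx.own_paths.contains(&ctx.own_paths)`, which is always true when `ctx.own_paths` is empty. Whether the header can only be set by a trusted component is not visible in this diff, so the impl should carry a doc comment stating that assumption, and the helper should reject an empty `ctx.own_paths` if ci callers are expected to be scoped. `bind` in this hunk and `batch_bind` and `find_detail_by_obj_ids` in the following hunks follow the same pattern. Separately, `batch_transfer` stages its requests in a `HashMap`, so transfers run and results are returned in arbitrary order and repeated ids collapse; a `Vec` of `(flow_inst_id, transfer_req)` pairs keeps the caller's order.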
@@ -42,8 +175,9 @@ impl FlowCiInstApi { /// Batch Bind Instance / 批量绑定实例 (初始化) #[oai(path = "/batch_bind", method = "post")] - async fn batch_bind(&self, add_req: Json, ctx: TardisContextExtractor) -> TardisApiResult> { + async fn batch_bind(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; funs.begin().await?; let result = FlowInstServ::batch_bind(&add_req.0, &funs, &ctx.0).await?; funs.commit().await?; @@ -52,8 +186,9 @@ impl FlowCiInstApi { /// Get list of instance id by rel_business_obj_id / 通过业务ID获取实例信息 #[oai(path = "/find_detail_by_obj_ids", method = "get")] - async fn find_detail_by_obj_ids(&self, obj_ids: Query, ctx: TardisContextExtractor) -> TardisApiResult> { + async fn find_detail_by_obj_ids(&self, obj_ids: Query, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { let funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let rel_business_obj_ids: Vec<_> = obj_ids.0.split(',').map(|id| id.to_string()).collect(); let inst_ids = FlowInstServ::get_inst_ids_by_rel_business_obj_id(rel_business_obj_ids, &funs, &ctx.0).await?; let mut result = vec![]; diff --git a/middleware/flow/src/api/ci/flow_ci_model_api.rs b/middleware/flow/src/api/ci/flow_ci_model_api.rs new file mode 100644 index 000000000..bfc38b331 --- /dev/null +++ b/middleware/flow/src/api/ci/flow_ci_model_api.rs 
@@ -0,0 +1,88 @@ +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; +use bios_basic::rbum::dto::rbum_filer_dto::RbumBasicFilterReq; +use bios_basic::rbum::serv::rbum_item_serv::RbumItemCrudOperation; +use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::web::{Json, Query}; +use tardis::web::poem::Request; +use tardis::web::poem_openapi; +use tardis::web::web_resp::{TardisApiResult, TardisResp}; + +use crate::dto::flow_model_dto::{FlowModelAddCustomModelReq, FlowModelAddCustomModelResp, FlowModelAggResp, FlowModelFilterReq, FlowModelFindRelStateResp}; +use crate::flow_constants; +use crate::serv::flow_model_serv::FlowModelServ; +#[derive(Clone)] +pub struct FlowCiModelApi; + +/// Flow Config process API +#[poem_openapi::OpenApi(prefix_path = "/ci/model")] +impl FlowCiModelApi { + /// Get model detail / 获取模型详情 + #[oai(path = "/detail", method = "get")] + async fn get_detail( + &self, + id: Query>, + tag: Query>, + rel_template_id: Query>, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult { + let funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let model_id = FlowModelServ::find_one_item( + &FlowModelFilterReq { + basic: RbumBasicFilterReq { + ids: id.0.map(|id| vec![id]), + ..Default::default() + }, + tags: tag.0.map(|tag| vec![tag]), + rel_template_id: rel_template_id.0, + ..Default::default() + }, + &funs, + &ctx.0, + ) + .await? + .ok_or_else(|| funs.err().internal_error("flow_ci_model_api", "get_detail", "model is not exist", "404-flow-model-not-found"))? 
+ .id; + let result = FlowModelServ::get_item_detail_aggs(&model_id, &funs, &ctx.0).await?; + + TardisResp::ok(result) + } + + /// find rel states by model_id / 获取关联状态 + #[oai(path = "/find_rel_status", method = "get")] + async fn find_rel_states( + &self, + tag: Query, + rel_template_id: Query>, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let result = FlowModelServ::find_rel_states(tag.0.split(',').collect(), rel_template_id.0, &funs, &ctx.0).await?; + + TardisResp::ok(result) + } + + /// add custom model by template_id / 添加自定义模型 + #[oai(path = "/add_custom_model", method = "post")] + async fn add_custom_model( + &self, + req: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + funs.begin().await?; + let proj_template_id = req.0.proj_template_id.unwrap_or_default(); + let mut result = vec![]; + for item in req.0.bind_model_objs { + let model_id = FlowModelServ::add_custom_model(&item.tag, &proj_template_id, None, &funs, &ctx.0).await.ok(); + result.push(FlowModelAddCustomModelResp { tag: item.tag, model_id }); + } + funs.commit().await?; + TardisResp::ok(result) + } +} diff --git a/middleware/flow/src/api/ci/flow_ci_state_api.rs b/middleware/flow/src/api/ci/flow_ci_state_api.rs new file mode 100644 index 000000000..1eaf97682 --- /dev/null +++ b/middleware/flow/src/api/ci/flow_ci_state_api.rs 
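Review bot: In `add_custom_model`, `FlowModelServ::add_custom_model(...).await.ok()` discards the error for each item, so a failed insert reaches the caller as `model_id: None` with no cause, nothing is logged, and `funs.commit()` still runs for whatever the other items wrote. If partial success is intended, keep the `Option` but record the failure before dropping it; if it is not, use `.await?` with `model_id: Some(model_id)` so the transaction is not committed after a failure. Separately, `get_detail` builds its missing-model error with `internal_error(...)` while passing the code `404-flow-model-not-found`; the constructor and the code should agree.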
@@ -0,0 +1,101 @@ +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; +use bios_basic::rbum::dto::rbum_filer_dto::RbumBasicFilterReq; +use bios_basic::rbum::helper::rbum_scope_helper; +use bios_basic::rbum::rbum_enumeration::RbumScopeLevelKind; +use bios_basic::rbum::serv::rbum_item_serv::RbumItemCrudOperation; +use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::web::{Json, Query}; +use tardis::web::poem::Request; +use tardis::web::poem_openapi; +use tardis::web::web_resp::{TardisApiResult, TardisPage, TardisResp}; + +use crate::dto::flow_state_dto::{FlowStateCountGroupByStateReq, FlowStateCountGroupByStateResp, FlowStateFilterReq, FlowStateKind, FlowStateSummaryResp, FlowSysStateKind}; +use crate::flow_constants; +use crate::serv::flow_state_serv::FlowStateServ; +#[derive(Clone)] +pub struct FlowCiStateApi; + +/// Flow Config process API +#[poem_openapi::OpenApi(prefix_path = "/ci/state")] +impl FlowCiStateApi { + /// Find States / 获取状态列表 + #[oai(path = "/", method = "get")] + #[allow(clippy::too_many_arguments)] + async fn paginate( + &self, + ids: Query>, + name: Query>, + tag: Query>, + sys_state: Query>, + state_kind: Query>, + enabled: Query>, + template: Query>, + with_sub: Query>, + is_global: Query>, + page_number: Query, + page_size: Query, + desc_by_create: Query>, + desc_by_update: Query>, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + + let (scope_level, with_sub_own_paths) = if let Some(is_global) = is_global.0 { + if is_global { + // get global state + (Some(RbumScopeLevelKind::Root), false) + } else { + // get custom state + (Some(rbum_scope_helper::get_scope_level_by_context(&ctx.0)?), true) + } + } else { + // get all state + (None, with_sub.0.unwrap_or(false)) + }; + + let result = FlowStateServ::paginate_items( + &FlowStateFilterReq { + basic: RbumBasicFilterReq { + ids: 
ids.0.map(|ids| ids.split(',').map(|id| id.to_string()).collect::>()), + name: name.0, + with_sub_own_paths, + enabled: enabled.0, + scope_level, + ..Default::default() + }, + tag: tag.0, + sys_state: sys_state.0, + state_kind: state_kind.0, + template: template.0, + ..Default::default() + }, + page_number.0, + page_size.0, + desc_by_create.0, + desc_by_update.0, + &funs, + &ctx.0, + ) + .await?; + + TardisResp::ok(result) + } + + /// Count Group By State / 按状态分组统计 + #[oai(path = "/count_group_by_state", method = "post")] + async fn count_group_by_state( + &self, + req: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let mut funs = flow_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + funs.begin().await?; + let result = FlowStateServ::count_group_by_state(&req.0, &funs, &ctx.0).await?; + funs.commit().await?; + TardisResp::ok(result) + } +} diff --git a/spi/spi-conf/src/api/nacos/grpc/mod.rs b/spi/spi-conf/src/api/nacos/grpc/mod.rs index fc6fc7740..f2a89c6d4 100644 --- a/spi/spi-conf/src/api/nacos/grpc/mod.rs +++ b/spi/spi-conf/src/api/nacos/grpc/mod.rs @@ -8,7 +8,6 @@ use tardis::{ web::poem, }; #[allow(non_snake_case)] - mod proto; pub use proto::{ BiRequestStream as BiRequestStreamProto, BiRequestStreamServer as BiRequestStreamGrpcServer, Metadata, Payload, Request as RequestProto, RequestServer as RequestGrpcServer, diff --git a/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs b/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs index 8264b7ca2..9e60da508 100644 --- a/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs +++ b/spi/spi-stats/src/serv/pg/stats_pg_conf_fact_serv.rs 
@@ -188,6 +188,7 @@ async fn do_paginate( let table_col_name = package_table_name("stats_conf_fact_col", ctx); let mut sql_where = vec!["1 = 1".to_string()]; let mut sql_order = vec![]; + let mut sql_left = "".to_string(); let mut params: Vec = vec![Value::from(page_size), Value::from((page_number - 1) * page_size)]; if let Some(fact_conf_key) = &fact_conf_key { sql_where.push(format!("fact.key = ${}", params.len() + 1)); @@ -203,13 +204,15 @@ async fn do_paginate( } if let Some(dim_rel_conf_dim_keys) = &dim_rel_conf_dim_keys { if !dim_rel_conf_dim_keys.is_empty() { - sql_where.push(format!( - "fact_col.dim_rel_conf_dim_key in ({})", - (0..dim_rel_conf_dim_keys.len()).map(|idx| format!("${}", params.len() + idx + 1)).collect::>().join(",") - )); + sql_left = format!( + r#" LEFT JOIN (SELECT rel_conf_fact_key,COUNT(rel_conf_fact_key) FROM {table_col_name} WHERE dim_rel_conf_dim_key IN ({}) GROUP BY rel_conf_fact_key HAVING COUNT(rel_conf_fact_key) = {}) AS fact_col ON fact.key = fact_col.rel_conf_fact_key"#, + (0..dim_rel_conf_dim_keys.len()).map(|idx| format!("${}", params.len() + idx + 1)).collect::>().join(","), + dim_rel_conf_dim_keys.len() + ); for dim_rel_conf_dim_key in dim_rel_conf_dim_keys { params.push(Value::from(format!("{dim_rel_conf_dim_key}"))); } + sql_where.push(format!("fact_col.rel_conf_fact_key IS NOT NULL")); } } if let Some(desc_by_create) = desc_by_create { @@ -225,13 +228,14 @@ async fn do_paginate( r#"SELECT t.*, count(*) OVER () AS total FROM ( SELECT distinct fact.key as key, fact.show_name as show_name, fact.query_limit as query_limit, fact.remark as remark, fact.redirect_path as redirect_path, fact.is_online as is_online, fact.create_time as create_time, fact.update_time as update_time FROM {table_name} as fact -left join {table_col_name} as fact_col on fact.key = fact_col.rel_conf_fact_key +{} WHERE {} {} ) as t LIMIT $1 OFFSET $2 "#, + sql_left, sql_where.join(" AND "), if sql_order.is_empty() { "".to_string() 
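Review bot: The new subquery's `HAVING COUNT(rel_conf_fact_key) = {}` compares a row count with `dim_rel_conf_dim_keys.len()`, so it means "this fact has every requested dimension" only if the requested keys are unique and the column table holds one row per fact and dimension key; a repeated key in the request, or two columns of one fact sharing a dimension, can make the filter drop or admit the wrong facts. Using `COUNT(DISTINCT dim_rel_conf_dim_key)` and de-duplicating the keys before building the placeholders would make the comparison hold regardless. The `LEFT JOIN` followed by `fact_col.rel_conf_fact_key IS NOT NULL` is an inner join written in two steps, and `format!("fact_col.rel_conf_fact_key IS NOT NULL")` has no arguments, so `.to_string()` is enough. The values stay bound as `$n` parameters and only `table_col_name` and the integer length are interpolated, which is worth a one-line comment next to the `format!`. `do_paginate` starts and ends outside these hunks.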
diff --git a/support/auth/src/serv/auth_crypto_serv.rs b/support/auth/src/serv/auth_crypto_serv.rs index 4df628df9..bc46a4306 100644 --- a/support/auth/src/serv/auth_crypto_serv.rs +++ b/support/auth/src/serv/auth_crypto_serv.rs @@ -3,7 +3,7 @@ use std::collections::HashMap; use tardis::{ basic::{error::TardisError, result::TardisResult}, crypto::crypto_sm2_4::{TardisCryptoSm2PrivateKey, TardisCryptoSm2PublicKey}, - log::{trace}, + log::trace, tokio::sync::RwLock, TardisFuns, }; @@ -84,8 +84,8 @@ pub async fn decrypt_req( if input_keys.len() == 4 { let input_sm3_digest = input_keys[0]; - let input_sm4_key = TardisFuns::crypto.hex.decode(input_keys[1])?; - let input_sm4_iv = TardisFuns::crypto.hex.decode(input_keys[2])?; + let input_sm4_key = input_keys[1]; + let input_sm4_iv = input_keys[2]; let input_pub_key = input_keys[3]; if let Some(body) = body.as_ref() { @@ -113,8 +113,8 @@ pub async fn decrypt_req( } } else if input_keys.len() == 3 { let input_sm3_digest = input_keys[0]; - let input_sm4_key = TardisFuns::crypto.hex.decode(input_keys[1])?; - let input_sm4_iv = TardisFuns::crypto.hex.decode(input_keys[2])?; + let input_sm4_key = input_keys[1]; + let input_sm4_iv = input_keys[2]; if let Some(body) = body.as_ref() { if input_sm3_digest != TardisFuns::crypto.digest.sm3(body)? { trace!( diff --git a/support/auth/src/serv/auth_kernel_serv.rs b/support/auth/src/serv/auth_kernel_serv.rs index 22ab7d171..d6a790c22 100644 --- a/support/auth/src/serv/auth_kernel_serv.rs +++ b/support/auth/src/serv/auth_kernel_serv.rs 
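Review bot: With `TardisFuns::crypto.hex.decode(...)?` removed from both the four-key and the three-key branch of `decrypt_req`, `input_sm4_key` and `input_sm4_iv` are now the unparsed strings `input_keys[1]` and `input_keys[2]`, and nothing in these hunks rejects a value that is not hex or has the wrong length. The decode used to return an error for malformed input before any cipher call; the code that consumes the two values lies outside the hunks, so whether it returns an error or panics on a bad length cannot be told from here. I would add an explicit length check right after the two bindings, or, once confirmed, a comment naming the call that performs it, such as `// key/iv are passed as text; length is checked by the SM4 decrypt call below`.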
@@ -57,6 +57,9 @@ fn check(req: &mut AuthReq) -> TardisResult { } async fn ident(req: &mut AuthReq, config: &AuthConfig, cache_client: &TardisCacheClient) -> TardisResult { + // Do not allow external header information to be used internally + req.headers.remove(&config.head_key_auth_ident); + let rbum_kind = if let Some(rbum_kind) = req.headers.get(&config.head_key_protocol).or_else(|| req.headers.get(&config.head_key_protocol.to_lowercase())) { rbum_kind.to_string() } else { diff --git a/support/enhance-wasm/Cargo.toml b/support/enhance-wasm/Cargo.toml index 2a10a488a..d6e2970c4 100644 --- a/support/enhance-wasm/Cargo.toml +++ b/support/enhance-wasm/Cargo.toml @@ -22,7 +22,7 @@ lazy_static.workspace = true # crypto base64 = { version = "0.21" } hex = { version = "0.4" } -libsm = { version = "=0.5.0" } +libsm = { version = "=0.6.0" } num-bigint = { version = "0.4.3" } # wasm @@ -33,22 +33,22 @@ wasm-bindgen-futures = { version = "0" } serde-wasm-bindgen = { version = "0" } js-sys = { version = "0" } web-sys = { version = "0", features = [ - 'Headers', - 'Request', - 'RequestInit', - 'RequestCredentials', - 'RequestMode', - 'Response', - 'Window', - 'console', - 'BroadcastChannel', - 'Storage', + 'Headers', + 'Request', + 'RequestInit', + 'RequestCredentials', + 'RequestMode', + 'Response', + 'Window', + 'console', + 'BroadcastChannel', + 'Storage', ] } wasm-bindgen-test = { version = "0" } # see: https://github.com/rust-random/getrandom/issues/231 # see: https://github.com/rustwasm/wasm-bindgen/pull/3031 -getrandom = { version = "^0.2", features = ["js"]} +getrandom = { version = "^0.2", features = ["js"] } # TODO rand = { version = "0.8" } diff --git a/support/enhance-wasm/src/mini_tardis/crypto.rs b/support/enhance-wasm/src/mini_tardis/crypto.rs index 8bab33693..5c21272fd 100644 --- a/support/enhance-wasm/src/mini_tardis/crypto.rs +++ b/support/enhance-wasm/src/mini_tardis/crypto.rs 
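Review bot: `req.headers.remove(&config.head_key_auth_ident)` removes only the exact-case key, while the lookup on the very next line falls back to `config.head_key_protocol.to_lowercase()`, which suggests `req.headers` can hold lower-cased names. If so, a differently cased copy of the ident header survives the removal; assuming `headers` is a `HashMap` keyed by `String`, `req.headers.retain(|k, _| !k.eq_ignore_ascii_case(&config.head_key_auth_ident));` covers every spelling. Since this line is what keeps client-supplied identity out of the internal context, a test that sends the header in each casing would be worth adding. `ident` continues outside the hunk.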
@@ -148,7 +148,7 @@ pub mod sm { let cipher = Cipher::new(hex_key.as_bytes(), Mode::Cbc) .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 new cipher error:{error}"), "406-tardis-crypto-sm4-cipher-error"))?; let encrypted_data = cipher - .encrypt(data.as_bytes(), hex_iv.as_bytes()) + .encrypt("".as_bytes(), data.as_bytes(), hex_iv.as_bytes()) .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 encrypt error:{error}"), "406-tardis-crypto-sm4-encrypt-error"))?; Ok(hex::encode(encrypted_data)) } @@ -158,7 +158,7 @@ pub mod sm { .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 new cipher error:{error}"), "406-tardis-crypto-sm4-cipher-error"))?; let encrypted_data = hex::decode(encrypted_data)?; let data = cipher - .decrypt(encrypted_data.as_slice(), hex_iv.as_bytes()) + .decrypt("".as_bytes(), encrypted_data.as_slice(), hex_iv.as_bytes()) .map_err(|error| TardisError::format_error(&format!("[Tardis.Crypto] SM4 decrypt error:{error}"), "406-tardis-crypto-sm4-decrypt-error"))?; Ok(String::from_utf8(data)?) } diff --git a/support/iam/src/basic/serv/iam_open_serv.rs b/support/iam/src/basic/serv/iam_open_serv.rs index c84ecb3fc..47cd45185 100644 --- a/support/iam/src/basic/serv/iam_open_serv.rs +++ b/support/iam/src/basic/serv/iam_open_serv.rs 
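Review bot: Both SM4 calls now pass `"".as_bytes()` as a new first argument with nothing explaining what it is; given the `libsm` bump to `=0.6.0` in this diff it is presumably the associated-data slice, which CBC mode does not use. I would write it as `b""` and add `// libsm 0.6: leading argument is associated data, unused in CBC mode` once that is confirmed against the crate documentation. Separately, the context line keys the cipher with `hex_key.as_bytes()`, the text of the key rather than its decoded bytes; if `hex_key` really is a hex string, each key byte carries only four bits, so this deserves either a decode or a comment giving the interoperability reason.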
@@ -344,7 +344,10 @@ impl IamOpenServ { pub async fn general_cert(add_req: IamOpenAkSkAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult { let rel_iam_item_id = IamTenantServ::get_id_by_ctx(ctx, funs)?; - let cert_conf_id = IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::AkSk.to_string().as_str(), Some(rel_iam_item_id.clone()), funs).await.unwrap_or( + let cert_conf = IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::AkSk.to_string().as_str(), Some(rel_iam_item_id.clone()), funs).await; + let cert_conf_id = if let Ok(cert_conf_id) = cert_conf { + cert_conf_id + } else { IamCertAkSkServ::add_cert_conf( &IamCertConfAkSkAddOrModifyReq { name: TrimString(format!("AkSk-{}", &rel_iam_item_id)), @@ -354,8 +357,8 @@ impl IamOpenServ { funs, ctx, ) - .await?, - ); + .await? + }; let ak = TardisFuns::crypto.key.generate_ak()?; let sk = TardisFuns::crypto.key.generate_sk(&ak)?; diff --git a/support/iam/src/console_interface/api/iam_ci_account_api.rs b/support/iam/src/console_interface/api/iam_ci_account_api.rs index 744134434..0061adb60 100644 --- a/support/iam/src/console_interface/api/iam_ci_account_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_account_api.rs @@ -1,5 +1,6 @@ use std::collections::HashMap; +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumCertFilterReq, RbumItemRelFilterReq, RbumSetCateFilterReq, RbumSetItemFilterReq, RbumSetItemRelFilterReq}; use bios_basic::rbum::dto::rbum_set_item_dto::RbumSetItemDetailResp; use bios_basic::rbum::rbum_enumeration::{RbumRelFromKind, RbumSetCateLevelQueryKind}; 
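Review bot: `if let Ok(cert_conf_id) = cert_conf { ... } else { IamCertAkSkServ::add_cert_conf(...) }` treats every error from `get_cert_conf_id_by_kind` as "no AkSk configuration yet", so a transient lookup failure also ends in creating another `AkSk-{rel_iam_item_id}` configuration. I would `match` on the result, fall back to `add_cert_conf` only for the not-found case and return any other error with `?`. How not-found is signalled is not visible in this hunk, so the exact pattern needs checking against `IamCertServ`. The change spans this hunk and the next one, and `general_cert` continues outside both.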
@@ -47,12 +48,13 @@ impl IamCiAccountApi { page_size: Query, desc_by_create: Query>, desc_by_update: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { + let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, tenant_id.0.clone())?; add_remote_ip(request, &ctx).await?; - let funs = iam_constants::get_tardis_inst(); let rel = role_ids.0.map(|role_ids| { let role_ids = role_ids.split(',').map(|r| r.to_string()).collect::>(); RbumItemRelFilterReq { @@ -123,9 +125,10 @@ impl IamCiAccountApi { /// Get Context By Account Id 根据帐户Id获取上下文 #[oai(path = "/:id/ctx", method = "get")] - async fn get_account_context(&self, id: Path, app_id: Query>, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn get_account_context(&self, id: Path, app_id: Query>, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let mut ctx_resp = IamIdentCacheServ::get_account_context(&id.0, &app_id.0.unwrap_or((&"").to_string()), &funs).await?; ctx_resp.own_paths = ctx.0.own_paths; TardisResp::ok(TardisFuns::crypto.base64.encode(TardisFuns::json.obj_to_string(&ctx_resp).unwrap_or_default())) 
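Review bot: In `get_account_context` the returned context takes `own_paths` from a `ctx` that `unsafe_fill_ctx` has just populated from the request header, and nothing in the hunk checks that the caller may obtain a context for the account named in `id`. If that authorisation lives in the gateway or inside `IamIdentCacheServ::get_account_context`, a comment saying so belongs on this handler. The same lines end with `TardisFuns::json.obj_to_string(&ctx_resp).unwrap_or_default()`, which turns a serialisation failure into a successful response carrying an empty string; `TardisFuns::json.obj_to_string(&ctx_resp)?` would report the failure instead.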
@@ -133,10 +136,11 @@ impl IamCiAccountApi { /// Get Account By Account Id 通过帐户Id获取帐户 #[oai(path = "/:id", method = "get")] - async fn get(&self, id: Path, tenant_id: Query>, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + async fn get(&self, id: Path, tenant_id: Query>, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, tenant_id.0)?; add_remote_ip(request, &ctx).await?; - let funs = iam_constants::get_tardis_inst(); let result = IamAccountServ::get_account_detail_aggs( &id.0, &IamAccountFilterReq { @@ -166,12 +170,13 @@ impl IamCiAccountApi { kind: Query>, tenant_id: Query>, supplier: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { + let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, tenant_id.0.clone())?; add_remote_ip(request, &ctx).await?; - let funs = iam_constants::get_tardis_inst(); let supplier = supplier.0.unwrap_or_default(); let kind = kind.0.unwrap_or_else(|| "UserPwd".to_string()); let kind = if kind.is_empty() { "UserPwd".to_string() } else { kind }; @@ -225,10 +230,11 @@ impl IamCiAccountApi { &self, cate_ids: Query>, item_ids: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; add_remote_ip(request, &ctx).await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Apps, &funs, &ctx).await?; 
@@ -291,10 +297,11 @@ impl IamCiAccountApi { sys_code_query_depth: Query>, cate_ids: Query>, item_ids: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; add_remote_ip(request, &ctx).await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Apps, &funs, &ctx).await?; diff --git a/support/iam/src/console_interface/api/iam_ci_app_api.rs b/support/iam/src/console_interface/api/iam_ci_app_api.rs index afed4f72d..9ffd438a2 100644 --- a/support/iam/src/console_interface/api/iam_ci_app_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_app_api.rs @@ -6,6 +6,7 @@ use crate::basic::serv::iam_set_serv::IamSetServ; use crate::iam_config::IamBasicConfigApi; use crate::iam_constants::{self}; use crate::iam_enumeration::IamSetKind; +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::process::task_processor::TaskProcessor; use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumSetItemFilterReq}; use bios_basic::rbum::dto::rbum_set_item_dto::RbumSetItemDetailResp; @@ -30,9 +31,10 @@ pub struct IamCiAppApi; impl IamCiAppApi { /// Add App #[oai(path = "/", method = "post")] - async fn add(&self, add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn add(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; let result = IamAppServ::add_app_agg(&add_req.0, &funs, &ctx.0).await?; funs.commit().await?; 
@@ -44,9 +46,10 @@ impl IamCiAppApi { /// /// When code = 202, the return value is the asynchronous task id #[oai(path = "/", method = "put")] - async fn modify(&self, modify_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { - add_remote_ip(request, &ctx.0).await?; + async fn modify(&self, modify_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; IamAppServ::modify_app_agg(&IamAppServ::get_id_by_ctx(&ctx.0, &funs)?, &modify_req, &funs, &ctx.0).await?; @@ -65,10 +68,11 @@ impl IamCiAppApi { &self, cate_ids: Query>, item_ids: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; add_remote_ip(request, &ctx).await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Apps, &funs, &ctx).await?; @@ -131,10 +135,11 @@ impl IamCiAppApi { sys_code_query_depth: Query>, cate_ids: Query>, item_ids: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; add_remote_ip(request, &ctx).await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Apps, &funs, &ctx).await?; diff --git a/support/iam/src/console_interface/api/iam_ci_app_set_api.rs b/support/iam/src/console_interface/api/iam_ci_app_set_api.rs index 08b4fbda1..738ec41f6 100644 --- a/support/iam/src/console_interface/api/iam_ci_app_set_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_app_set_api.rs 
@@ -1,3 +1,4 @@ +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::rbum::dto::rbum_set_dto::RbumSetTreeResp; use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; use bios_basic::rbum::serv::rbum_set_serv::RbumSetItemServ; @@ -29,10 +30,11 @@ impl IamCiAppSetApi { &self, cate_ids: Query>, item_ids: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; add_remote_ip(request, &ctx).await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Apps, &funs, &ctx).await?; diff --git a/support/iam/src/console_interface/api/iam_ci_cert_api.rs b/support/iam/src/console_interface/api/iam_ci_cert_api.rs index 7e644ff3e..e90bd0ef3 100644 --- a/support/iam/src/console_interface/api/iam_ci_cert_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_cert_api.rs @@ -10,6 +10,7 @@ use crate::console_interface::serv::iam_ci_cert_aksk_serv::IamCiCertAkSkServ; use crate::console_interface::serv::iam_ci_oauth2_token_serv::IamCiOauth2AkSkServ; use crate::iam_constants; use crate::iam_enumeration::Oauth2GrantType; +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::helper::request_helper::add_remote_ip; use bios_basic::rbum::dto::rbum_cert_dto::RbumCertSummaryWithSkResp; use bios_basic::rbum::dto::rbum_filer_dto::RbumCertFilterReq; 
@@ -37,10 +38,11 @@ pub struct IamCiLdapCertApi; impl IamCiCertManageApi { /// Add aksk Cert #[oai(path = "/aksk", method = "post")] - async fn add_aksk(&self, add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + async fn add_aksk(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, Some(add_req.tenant_id.clone()))?; add_remote_ip(request, &ctx).await?; - let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; let result = IamCiCertAkSkServ::general_cert(add_req.0, &funs, &ctx).await?; funs.commit().await?; @@ -49,9 +51,10 @@ impl IamCiCertManageApi { } #[oai(path = "/aksk", method = "delete")] - async fn delete_aksk(&self, id: Query, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn delete_aksk(&self, id: Query, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; IamCiCertAkSkServ::delete_cert(&id.0, &funs, &ctx.0).await?; funs.commit().await?; 
@@ -77,9 +80,10 @@ impl IamCiCertManageApi { #[poem_openapi::OpenApi(prefix_path = "/ci/cert", tag = "bios_basic::ApiTag::Interface")] impl IamCiCertApi { #[oai(path = "/get/:id", method = "get")] - async fn get_cert_by_id(&self, id: Path, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn get_cert_by_id(&self, id: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let ak = RbumCertServ::find_one_detail_rbum( &RbumCertFilterReq { id: Some(id.0.clone()), @@ -109,12 +113,13 @@ impl IamCiCertApi { tenant_id: Query>, supplier: Query>, ldap_origin: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult { + let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, tenant_id.0.clone())?; add_remote_ip(request, &ctx).await?; - let funs = iam_constants::get_tardis_inst(); let supplier = supplier.0.unwrap_or_default(); let kind = kind.0.unwrap_or_else(|| "UserPwd".to_string()); let kind = if kind.is_empty() { "UserPwd".to_string() } else { kind }; @@ -142,11 +147,12 @@ impl IamCiCertApi { &self, account_id: Query, mut add_req: Json, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; IamCertServ::add_3th_kind_cert(&mut add_req.0, &account_id.0, &funs, &ctx.0).await?; funs.commit().await?; 
@@ -160,11 +166,12 @@ impl IamCiCertApi { &self, account_id: Query, supplier: Query, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let rbum_cert = IamCertServ::get_3th_kind_cert_by_rel_rubm_id(&account_id.0, vec![supplier.0], &funs, &ctx.0).await?; ctx.0.execute_task().await?; TardisResp::ok(rbum_cert) @@ -174,9 +181,10 @@ impl IamCiCertApi { /// /// 定时任务触发第三方集成同步 #[oai(path = "/sync", method = "get")] - async fn third_integration_sync(&self, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn third_integration_sync(&self, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let msg = IamCertServ::third_integration_sync_without_config(&funs, &ctx.0).await?; ctx.0.execute_task().await?; TardisResp::ok(msg) @@ -184,8 +192,9 @@ impl IamCiCertApi { /// decode cert #[oai(path = "/decode", method = "post")] - async fn decode_certs(&self, body: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { + async fn decode_certs(&self, body: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::use_sys_or_tenant_ctx_unsafe(ctx.0)?; add_remote_ip(request, &ctx).await?; funs.begin().await?; 
@@ -220,12 +229,13 @@ impl IamCiLdapCertApi { &self, supplier: Query, tenant_id: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult { + let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, tenant_id.0.clone())?; add_remote_ip(request, &ctx).await?; - let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; let conf_id = if let Ok(conf_id) = IamCertServ::get_cert_conf_id_by_kind_supplier("Ldap", &supplier.0, tenant_id.0, &funs).await { conf_id diff --git a/support/iam/src/console_interface/api/iam_ci_open_api.rs b/support/iam/src/console_interface/api/iam_ci_open_api.rs index 9525047d6..c5ac90317 100644 --- a/support/iam/src/console_interface/api/iam_ci_open_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_open_api.rs @@ -1,3 +1,4 @@ +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::helper::request_helper::add_remote_ip; use tardis::basic::dto::TardisContext; use tardis::web::context_extractor::TardisContextExtractor; @@ -21,9 +22,10 @@ pub struct IamCiOpenApi; impl IamCiOpenApi { /// Add product / 添加产品 #[oai(path = "/add_product", method = "post")] - async fn add_product(&self, add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn add_product(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; IamOpenServ::add_product(&add_req.0, &funs, &ctx.0).await?; funs.commit().await?; 
@@ -33,9 +35,16 @@ impl IamCiOpenApi { /// Cert bind product_and_spec / 凭证绑定产品和规格 #[oai(path = "/:id/bind_cert_product_and_spec", method = "post")] - async fn bind_cert_product_and_spec(&self, id: Path, bind_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn bind_cert_product_and_spec( + &self, + id: Path, + bind_req: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; IamOpenServ::bind_cert_product_and_spec(&id.0, &bind_req.0, &funs, &ctx.0).await?; funs.commit().await?; @@ -45,10 +54,11 @@ impl IamCiOpenApi { /// Add aksk Cert by open platform / 生成AKSK通过开放平台 #[oai(path = "/aksk", method = "post")] - async fn add_aksk(&self, add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + async fn add_aksk(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { + let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamCertServ::try_use_tenant_ctx(ctx.0, Some(add_req.tenant_id.clone()))?; add_remote_ip(request, &ctx).await?; - let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; let result = IamOpenServ::general_cert(add_req.0, &funs, &ctx).await?; funs.commit().await?; 
@@ -58,9 +68,10 @@ impl IamCiOpenApi { /// Get account rule info / 获取账号规则信息 #[oai(path = "/", method = "get")] - async fn get_rule_info(&self, cert_id: Query, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn get_rule_info(&self, cert_id: Query, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; let result = IamOpenServ::get_rule_info(cert_id.0, &funs, &ctx.0).await?; funs.commit().await?; diff --git a/support/iam/src/console_interface/api/iam_ci_res_api.rs b/support/iam/src/console_interface/api/iam_ci_res_api.rs index 9d1207c5b..e97883f84 100644 --- a/support/iam/src/console_interface/api/iam_ci_res_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_res_api.rs @@ -4,6 +4,7 @@ use crate::basic::serv::iam_res_serv::IamResServ; use crate::basic::serv::iam_set_serv::IamSetServ; use crate::iam_constants; use crate::iam_enumeration::IamSetKind; +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::rbum::rbum_config::RbumConfigApi; use bios_basic::helper::request_helper::add_remote_ip; 
@@ -22,9 +23,10 @@ pub struct IamCiResApi; #[poem_openapi::OpenApi(prefix_path = "/ci/res", tag = "bios_basic::ApiTag::Interface")] impl IamCiResApi { #[oai(path = "/", method = "post")] - async fn add(&self, mut add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn add(&self, mut add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Res, &funs, &ctx.0).await?; let result = IamResServ::add_res_agg(&mut add_req.0, &set_id, &funs, &ctx.0).await?; @@ -35,9 +37,10 @@ impl IamCiResApi { /// Add Res Cate #[oai(path = "/cate", method = "post")] - async fn add_cate(&self, add_req: Json, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn add_cate(&self, add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; let set_cate_sys_code_node_len = funs.rbum_conf_set_cate_sys_code_node_len(); let api_sys_codes = TardisFuns::field.incr_by_base36(&String::from_utf8(vec![b'0'; set_cate_sys_code_node_len]).unwrap_or_default()).map(|api_sys_code| vec![api_sys_code]); diff --git a/support/iam/src/console_interface/api/iam_ci_role_api.rs b/support/iam/src/console_interface/api/iam_ci_role_api.rs index d77e79c4e..0200a9260 100644 --- a/support/iam/src/console_interface/api/iam_ci_role_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_role_api.rs 
@@ -1,6 +1,8 @@ -use crate::basic::dto::iam_role_dto::IamRoleRelAccountCertResp; +use crate::basic::dto::iam_filer_dto::IamRoleFilterReq; +use crate::basic::dto::iam_role_dto::{IamRoleRelAccountCertResp, IamRoleSummaryResp}; +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation; -use bios_basic::rbum::serv::rbum_item_serv::RbumItemServ; +use bios_basic::rbum::serv::rbum_item_serv::{RbumItemCrudOperation, RbumItemServ}; use itertools::Itertools; use crate::basic::serv::iam_app_serv::IamAppServ; @@ -16,7 +18,7 @@ use tardis::web::context_extractor::TardisContextExtractor; use tardis::web::poem::Request; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::{Path, Query}; -use tardis::web::web_resp::{TardisApiResult, TardisResp, Void}; +use tardis::web::web_resp::{TardisApiResult, TardisPage, TardisResp, Void}; #[derive(Clone, Default)] pub struct IamCiRoleApi; @@ -27,9 +29,10 @@ pub struct IamCiRoleApi; #[poem_openapi::OpenApi(prefix_path = "/ci/role", tag = "bios_basic::ApiTag::Interface")] impl IamCiRoleApi { #[oai(path = "/verify/tenant/admin", method = "get")] - async fn get_verify_role_tenant_admin(&self, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn get_verify_role_tenant_admin(&self, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let mut verify_tenant_admin = false; for role in &ctx.0.roles { if role.contains(&funs.iam_basic_role_tenant_admin_id()) { 
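Review bot: In `get_verify_role_tenant_admin` the verdict is now computed from `ctx.0.roles` as filled by `unsafe_fill_ctx`, and the test under it is the substring match `role.contains(&funs.iam_basic_role_tenant_admin_id())`, so a role string that merely embeds the admin id is accepted. Role entries appear to have the form `id` or `id:suffix` (inferred from the helper, to be confirmed), so comparing the id part exactly would be tighter. For example, hoist `let admin_id = funs.iam_basic_role_tenant_admin_id();` out of the loop and test `role.split(':').next() == Some(admin_id.as_str())`, assuming the getter returns a `String`. The loop body continues outside the hunk.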
@@ -41,9 +44,10 @@ impl IamCiRoleApi { /// Batch add Role Rel Account #[oai(path = "/:id/account/batch/:account_ids", method = "put")] - async fn batch_add_rel_account(&self, id: Path, account_ids: Path, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn batch_add_rel_account(&self, id: Path, account_ids: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; let app_id = IamAppServ::get_id_by_ctx(&ctx.0, &funs)?; let split = account_ids.0.split(',').collect::>(); @@ -58,9 +62,10 @@ impl IamCiRoleApi { /// Batch delete Role Rel Account #[oai(path = "/:id/account/batch/:account_ids", method = "delete")] - async fn batch_delete_rel_account(&self, id: Path, account_ids: Path, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn batch_delete_rel_account(&self, id: Path, account_ids: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; let split = account_ids.0.split(',').collect::>(); for s in split { 
@@ -73,9 +78,10 @@ impl IamCiRoleApi { /// Delete Role Rel Account #[oai(path = "/:id/account/:account_id", method = "delete")] - async fn delete_rel_account(&self, id: Path, account_id: Path, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn delete_rel_account(&self, id: Path, account_id: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; funs.begin().await?; IamRoleServ::delete_rel_account(&id.0, &account_id.0, Some(RBUM_SCOPE_LEVEL_APP), &funs, &ctx.0).await?; funs.commit().await?; @@ -90,9 +96,11 @@ impl IamCiRoleApi { id: Path, app_ids: Query, account_ids: Query, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { + let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; add_remote_ip(request, &ctx.0).await?; let ctx = ctx.0; let ctx_clone = ctx.clone(); @@ -132,12 +140,13 @@ impl IamCiRoleApi { id: Path, app_ids: Query, account_ids: Query, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult { + let mut funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; add_remote_ip(request, &ctx.0).await?; let ctx = ctx.0; - let mut funs = iam_constants::get_tardis_inst(); funs.begin().await?; let apps_split: Vec<&str> = app_ids.0.split(',').collect::>(); let account_split: Vec<&str> = account_ids.0.split(',').collect::>(); 
@@ -154,9 +163,10 @@ impl IamCiRoleApi { /// get Rel Account by role_code #[oai(path = "/:role_code/accounts", method = "get")] - async fn get_rel_accounts(&self, role_code: Path, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { - add_remote_ip(request, &ctx.0).await?; + async fn get_rel_accounts(&self, role_code: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let role_id = RbumItemServ::find_one_rbum( &RbumBasicFilterReq { code: Some(role_code.0), @@ -196,4 +206,51 @@ impl IamCiRoleApi { .collect_vec(); TardisResp::ok(result) } + + /// Find Roles + #[oai(path = "/", method = "get")] + async fn paginate( + &self, + id: Query>, + name: Query>, + app_id: Query>, + in_base: Query>, + in_embed: Query>, + extend_role_id: Query>, + with_sub: Query>, + page_number: Query, + page_size: Query, + desc_by_create: Query>, + desc_by_update: Query>, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult> { + let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + let ctx = IamCertServ::try_use_app_ctx(ctx.0, app_id.0)?; + add_remote_ip(request, &ctx).await?; + let result = IamRoleServ::paginate_items( + &IamRoleFilterReq { + basic: RbumBasicFilterReq { + ids: id.0.map(|id| vec![id]), + name: name.0, + with_sub_own_paths: with_sub.0.unwrap_or(false), + ..Default::default() + }, + in_base: in_base.0, + in_embed: in_embed.0, + extend_role_id: extend_role_id.0, + ..Default::default() + }, + page_number.0, + page_size.0, + desc_by_create.0, + desc_by_update.0, + &funs, + &ctx, + ) + .await?; + ctx.execute_task().await?; + TardisResp::ok(result) + } } diff --git a/support/iam/src/console_interface/api/iam_ci_system_api.rs b/support/iam/src/console_interface/api/iam_ci_system_api.rs index 05bd94bf8..f55eba4ac 100644 
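Review bot: The doc comment on the new `paginate` handler is only `/// Find Roles`, which does not tell a reader where the caller's identity comes from or what `app_id` and `with_sub` do to the query scope. In the visible body the context is filled from the request header by `unsafe_fill_ctx`, switched through `IamCertServ::try_use_app_ctx(ctx.0, app_id.0)`, and `with_sub.0.unwrap_or(false)` is passed as `with_sub_own_paths`. I would extend the comment to something like `/// Find roles. Context is taken from the bios context header; \`app_id\` switches to that app's context and \`with_sub\` includes sub own_paths.`. The route also moves from `/roles` on the tenant API, removed later in this diff, to `/` under `/ci/role`, which is worth a line in the commit description for existing callers.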
--- a/support/iam/src/console_interface/api/iam_ci_system_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_system_api.rs @@ -1,6 +1,8 @@ +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::process::task_processor::TaskProcessor; use tardis::serde_json::Value; use tardis::web::context_extractor::TardisContextExtractor; +use tardis::web::poem::Request; use tardis::web::poem_openapi; use tardis::web::poem_openapi::param::{Path, Query}; use tardis::web::poem_openapi::payload::Json; @@ -31,8 +33,9 @@ impl IamCiSystemApi { } #[oai(path = "/task/execute", method = "put")] - async fn execute_task_external(&self, cache_key: Query, task_id: Query, ctx: TardisContextExtractor) -> TardisApiResult { + async fn execute_task_external(&self, cache_key: Query, task_id: Query, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let task_id = TaskProcessor::execute_task_external( &cache_key.0, task_id.0, @@ -46,8 +49,9 @@ impl IamCiSystemApi { } #[oai(path = "/task/execute/stop/:task_ids", method = "delete")] - async fn stop_task_external(&self, cache_key: Query, task_ids: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn stop_task_external(&self, cache_key: Query, task_ids: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let task_ids = task_ids.0.split(','); for task_id in task_ids { let task_id = task_id.parse().map_err(|_| funs.err().format_error("system", "task", "task id format error", "406-iam-task-id-format"))?; 
@@ -65,8 +69,16 @@ impl IamCiSystemApi { } #[oai(path = "/task/process/:task_id", method = "put")] - async fn set_task_process_data(&self, cache_key: Query, task_id: Path, data: Json, ctx: TardisContextExtractor) -> TardisApiResult { + async fn set_task_process_data( + &self, + cache_key: Query, + task_id: Path, + data: Json, + mut ctx: TardisContextExtractor, + request: &Request, + ) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; TaskProcessor::set_task_process_data( &cache_key.0, task_id.0, @@ -81,8 +93,9 @@ impl IamCiSystemApi { } #[oai(path = "/task/process/:task_id", method = "get")] - async fn get_task_process_data(&self, cache_key: Query, task_id: Path, ctx: TardisContextExtractor) -> TardisApiResult { + async fn get_task_process_data(&self, cache_key: Query, task_id: Path, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let data = TaskProcessor::get_task_process_data(&cache_key.0, task_id.0, &funs).await?; TardisResp::ok(data) } diff --git a/support/iam/src/console_interface/api/iam_ci_tenant_api.rs b/support/iam/src/console_interface/api/iam_ci_tenant_api.rs index 9e1a09f3e..f9c59da52 100644 --- a/support/iam/src/console_interface/api/iam_ci_tenant_api.rs +++ b/support/iam/src/console_interface/api/iam_ci_tenant_api.rs @@ -1,5 +1,6 @@ use std::collections::HashMap; +use bios_basic::helper::bios_ctx_helper::unsafe_fill_ctx; use bios_basic::helper::request_helper::add_remote_ip; use bios_basic::rbum::dto::rbum_filer_dto::{RbumBasicFilterReq, RbumItemRelFilterReq, RbumSetCateFilterReq, RbumSetItemRelFilterReq, RbumSetTreeFilterReq}; use bios_basic::rbum::dto::rbum_set_dto::RbumSetTreeMainResp; 
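Review bot: In `get_task_process_data` the context filled by `unsafe_fill_ctx` is never read: the only call after it is `TaskProcessor::get_task_process_data(&cache_key.0, task_id.0, &funs)`, so the added line works as a header-presence check and the lookup is keyed only by the caller-supplied `cache_key` and `task_id`. Whether `TaskProcessor` ties a task to its owner is not visible here; if it does not, any caller that passes the header check can read another caller's task data. The `set_task_process_data`, `execute_task_external` and `stop_task_external` hunks take `cache_key` from the query string in the same way, though their bodies run past the hunk boundaries. At minimum I would record the intent next to the call, e.g. `// ctx is filled only to require the bios context header; task access is not scoped to ctx.owner`.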
@@ -15,11 +16,9 @@ use tardis::web::{ }; use crate::basic::dto::iam_account_dto::{IamAccountDetailAggResp, IamAccountSummaryAggResp}; -use crate::basic::dto::iam_filer_dto::{IamAccountFilterReq, IamRoleFilterReq}; -use crate::basic::dto::iam_role_dto::IamRoleSummaryResp; +use crate::basic::dto::iam_filer_dto::IamAccountFilterReq; use crate::basic::serv::iam_account_serv::IamAccountServ; use crate::basic::serv::iam_cert_serv::IamCertServ; -use crate::basic::serv::iam_role_serv::IamRoleServ; use crate::basic::serv::iam_set_serv::IamSetServ; use crate::iam_enumeration::{IamRelKind, IamSetKind}; use crate::{ @@ -37,9 +36,10 @@ pub struct IamCiTenantApi; impl IamCiTenantApi { /// Get Current Tenant #[oai(path = "/", method = "get")] - async fn get(&self, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; + async fn get(&self, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; + add_remote_ip(request, &ctx.0).await?; let result = IamTenantServ::get_tenant_agg(&IamTenantServ::get_id_by_ctx(&ctx.0, &funs)?, &IamTenantFilterReq::default(), &funs, &ctx.0).await?; ctx.0.execute_task().await?; TardisResp::ok(result) @@ -54,10 +54,11 @@ impl IamCiTenantApi { &self, parent_sys_code: Query>, set_id: Query>, - ctx: TardisContextExtractor, + mut ctx: TardisContextExtractor, request: &Request, ) -> TardisApiResult> { let funs = iam_constants::get_tardis_inst(); + unsafe_fill_ctx(request, &funs, &mut ctx.0)?; let ctx = IamSetServ::try_get_rel_ctx_by_set_id(set_id.0, &funs, ctx.0).await?; add_remote_ip(request, &ctx).await?; let set_id = IamSetServ::get_default_set_id_by_ctx(&IamSetKind::Org, &funs, &ctx).await?; 
@@ -77,179 +78,4 @@ impl IamCiTenantApi { ctx.execute_task().await?; TardisResp::ok(result.main) } - - /// Find Accounts - #[oai(path = "/accounts", method = "get")] - #[allow(clippy::too_many_arguments)] - async fn get_accounts( - &self, - ids: Query>, - name: Query>, - role_ids: Query>, - app_ids: Query>, - cate_ids: Query>, - status: Query>, - app_id: Query>, - with_sub: Query>, - page_number: Query, - page_size: Query, - desc_by_create: Query>, - desc_by_update: Query>, - ctx: TardisContextExtractor, - request: &Request, - ) -> TardisApiResult> { - let ctx = IamCertServ::try_use_app_ctx(ctx.0, app_id.0)?; - add_remote_ip(request, &ctx).await?; - let funs = iam_constants::get_tardis_inst(); - let rel = role_ids.0.map(|role_ids| { - let role_ids = role_ids.split(',').map(|r| r.to_string()).collect::>(); - RbumItemRelFilterReq { - rel_by_from: true, - tag: Some(IamRelKind::IamAccountRole.to_string()), - from_rbum_kind: Some(RbumRelFromKind::Item), - rel_item_ids: Some(role_ids), - own_paths: Some(ctx.own_paths.clone()), - ..Default::default() - } - }); - let rel2 = app_ids.0.map(|app_ids| { - let app_ids = app_ids.split(',').map(|r| r.to_string()).collect::>(); - RbumItemRelFilterReq { - rel_by_from: true, - tag: Some(IamRelKind::IamAccountApp.to_string()), - from_rbum_kind: Some(RbumRelFromKind::Item), - rel_item_ids: Some(app_ids), - own_paths: Some(ctx.own_paths.clone()), - ..Default::default() - } - }); - let set_rel = if let Some(cate_ids) = cate_ids.0 { - let cate_ids = cate_ids.split(',').map(|r| r.to_string()).collect::>(); - let set_cate_vec = IamSetServ::find_set_cate( - &RbumSetCateFilterReq { - basic: RbumBasicFilterReq { - own_paths: Some("".to_string()), - with_sub_own_paths: true, - ids: Some(cate_ids), - ..Default::default() - }, - ..Default::default() - }, - None, - None, - &funs, - &ctx, - ) - .await?; - Some(RbumSetItemRelFilterReq { - set_ids_and_cate_codes: Some( - set_cate_vec.into_iter().map(|sc| (sc.rel_rbum_set_id, 
sc.sys_code)).fold(HashMap::new(), |mut acc, (key, value)| { - acc.entry(key).or_default().push(value); - acc - }), - ), - with_sub_set_cate_codes: false, - ..Default::default() - }) - } else { - None - }; - let result = IamAccountServ::paginate_account_summary_aggs( - &IamAccountFilterReq { - basic: RbumBasicFilterReq { - ids: ids.0.map(|ids| ids.split(',').map(|id| id.to_string()).collect::>()), - name: name.0, - with_sub_own_paths: with_sub.0.unwrap_or(false), - enabled: status.0, - ..Default::default() - }, - rel, - rel2, - set_rel, - ..Default::default() - }, - false, - true, - page_number.0, - page_size.0, - desc_by_create.0, - desc_by_update.0, - &funs, - &ctx, - ) - .await?; - ctx.execute_task().await?; - TardisResp::ok(result) - } - - /// Get Account - #[oai(path = "/account/:id", method = "get")] - async fn get_account(&self, id: Path, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult { - add_remote_ip(request, &ctx.0).await?; - let funs = iam_constants::get_tardis_inst(); - let result = IamAccountServ::get_account_detail_aggs( - &id.0, - &IamAccountFilterReq { - basic: RbumBasicFilterReq { - with_sub_own_paths: true, - ..Default::default() - }, - ..Default::default() - }, - false, - true, - &funs, - &ctx.0, - ) - .await?; - ctx.0.execute_task().await?; - TardisResp::ok(result) - } - - /// Find Roles - #[oai(path = "/roles", method = "get")] - async fn get_roles( - &self, - id: Query>, - name: Query>, - app_id: Query>, - in_base: Query>, - in_embed: Query>, - extend_role_id: Query>, - with_sub: Query>, - page_number: Query, - page_size: Query, - desc_by_create: Query>, - desc_by_update: Query>, - ctx: TardisContextExtractor, - request: &Request, - ) -> TardisApiResult> { - let ctx = IamCertServ::try_use_app_ctx(ctx.0, app_id.0)?; - add_remote_ip(request, &ctx).await?; - let funs = iam_constants::get_tardis_inst(); - let result = IamRoleServ::paginate_items( - &IamRoleFilterReq { - basic: RbumBasicFilterReq { - ids: id.0.map(|id| 
vec![id]), - name: name.0, - with_sub_own_paths: with_sub.0.unwrap_or(false), - ..Default::default() - }, - // kind: Some(IamRoleKind::Tenant), - in_base: in_base.0, - in_embed: in_embed.0, - extend_role_id: extend_role_id.0, - ..Default::default() - }, - page_number.0, - page_size.0, - desc_by_create.0, - desc_by_update.0, - &funs, - &ctx, - ) - .await?; - ctx.execute_task().await?; - TardisResp::ok(result) - } } diff --git a/support/iam/tests/test_ci_open.rs b/support/iam/tests/test_ci_open.rs index 0ff97fa9d..1c0da5d34 100644 --- a/support/iam/tests/test_ci_open.rs +++ b/support/iam/tests/test_ci_open.rs @@ -59,6 +59,15 @@ pub async fn test(context1: &TardisContext) -> TardisResult<()> { ) .await?; let cert_id = cert_resp.id; + let cert_resp2 = IamOpenServ::general_cert( + IamOpenAkSkAddReq { + tenant_id: context1.own_paths.clone(), + app_id: None, + }, + &funs, + context1, + ) + .await?; IamOpenServ::bind_cert_product_and_spec( &cert_id, &IamOpenBindAkProductReq {
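Review bot: `cert_resp2` is bound but not used anywhere in this hunk, so the second `IamOpenServ::general_cert` call only checks that issuing another AK/SK for the same tenant does not return an error. If the intent is to cover several credentials per tenant, assert on the result, e.g. `assert_ne!(cert_resp2.id, cert_id);` (the `id` field is read from `cert_resp` on the line above). Otherwise name it `_cert_resp2` to make the intent explicit. The test function continues outside the hunk, so a later use may exist there.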