iam:fix third-kind cert.
ljl committed Aug 3, 2024
1 parent 0440df1 commit e13486b
Showing 4 changed files with 140 additions and 13 deletions.
16 changes: 16 additions & 0 deletions backend/supports/iam/src/basic/dto/iam_cert_dto.rs
@@ -116,6 +116,8 @@ pub struct IamCertPhoneVCodeBindReq {

#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
pub struct IamThirdPartyCertExtAddReq {
#[oai(validator(min_length = "2", max_length = "255"))]
pub rel_rbum_id: String,
#[oai(validator(min_length = "2", max_length = "255"))]
pub ak: String,
#[oai(validator(min_length = "1", max_length = "255"))]
@@ -124,6 +126,20 @@ pub struct IamThirdPartyCertExtAddReq {
pub sk: Option<String>,
pub ext: Option<String>,
}

#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
pub struct IamThirdPartyCertExtModifyReq {
#[oai(validator(min_length = "2", max_length = "255"))]
pub rel_rbum_id: String,
#[oai(validator(min_length = "2", max_length = "255"))]
pub ak: String,
#[oai(validator(min_length = "1", max_length = "255"))]
pub supplier: String,
#[oai(validator(min_length = "2", max_length = "10000"))]
pub sk: Option<String>,
pub ext: Option<String>,
}

#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
pub struct IamThirdIntegrationSyncAddReq {
pub account_sync_from: IamCertExtKind,
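Review bot: `IamThirdPartyCertExtModifyReq` derives `Debug` while carrying the secret in `sk`, so any `{:?}` formatting of the request (a trace line, an error context) would print the third-party secret in clear; whether requests are logged that way is not visible on this page. Consider dropping `Debug` from the derive or hand-writing it so `sk` is rendered as a redacted marker; the `IamThirdPartyCertExtAddReq` struct above has the same shape. `ext` also carries no length validator, unlike the other fields. The new struct has no doc comment; something like `/// Request to update the third-party cert bound to rel_rbum_id for one supplier; sk, when present, is passed on as the new secret.` would help.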
89 changes: 86 additions & 3 deletions backend/supports/iam/src/basic/serv/iam_cert_serv.rs
@@ -2,9 +2,11 @@ use bios_basic::helper::request_helper::{add_ip, get_real_ip_from_ctx};
use bios_basic::process::task_processor::TaskProcessor;
use bios_basic::rbum::dto::rbum_rel_agg_dto::RbumRelAggAddReq;
use bios_basic::rbum::serv::rbum_rel_serv::RbumRelServ;
use itertools::Itertools;
use std::collections::{HashMap, HashSet};
use std::sync::Arc;
use std::time::Duration;
use std::vec;
use tardis::basic::dto::TardisContext;
use tardis::basic::field::TrimString;
use tardis::basic::result::TardisResult;
@@ -35,7 +37,7 @@ use crate::basic::dto::iam_cert_conf_dto::{
};
use crate::basic::dto::iam_cert_dto::{
IamCertManageAddReq, IamCertManageModifyReq, IamCertModifyVisibilityRequest, IamThirdIntegrationConfigDto, IamThirdIntegrationSyncAddReq, IamThirdIntegrationSyncStatusDto,
IamThirdPartyCertExtAddReq,
IamThirdPartyCertExtAddReq, IamThirdPartyCertExtModifyReq,
};
use crate::basic::dto::iam_filer_dto::{IamAccountFilterReq, IamResFilterReq, IamRoleFilterReq};
use crate::basic::serv::iam_account_serv::IamAccountServ;
@@ -554,7 +556,7 @@ impl IamCertServ {
Ok(())
}

pub async fn add_3th_kind_cert(add_req: &mut IamThirdPartyCertExtAddReq, account_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<String> {
pub async fn add_3th_kind_cert(add_req: &mut IamThirdPartyCertExtAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<String> {
let id = RbumCertServ::add_rbum(
&mut RbumCertAddReq {
ak: TrimString(add_req.ak.trim().to_string()),
@@ -570,7 +572,7 @@ impl IamCertServ {
status: RbumCertStatusKind::Enabled,
rel_rbum_cert_conf_id: None,
rel_rbum_kind: RbumCertRelKind::Item,
rel_rbum_id: account_id.to_string(),
rel_rbum_id: add_req.rel_rbum_id.clone(),
is_outside: true,
ignore_check_sk: false,
},
@@ -581,6 +583,27 @@ impl IamCertServ {
Ok(id)
}

pub async fn modify_3th_kind_cert(modify_req: &mut IamThirdPartyCertExtModifyReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
let cert_3th = Self::get_3th_kind_cert_by_rel_rbum_id(&modify_req.rel_rbum_id, vec![modify_req.supplier.clone()], false, funs, ctx).await?;
RbumCertServ::modify_rbum(
&cert_3th.id,
&mut RbumCertModifyReq {
ak: Some(TrimString(modify_req.ak.trim().to_string())),
sk: modify_req.sk.as_ref().map(|sk| TrimString(sk.trim().to_string())),
sk_invisible: None,
conn_uri: None,
ignore_check_sk: false,
ext: modify_req.ext.clone(),
start_time: None,
end_time: None,
status: None,
},
funs,
ctx,
)
.await
}

/// Get general cert method \
/// if cert_conf_id is Some then use cert_conf_id as query param \
/// otherwise use kind、cert_supplier as query param
@@ -859,6 +882,66 @@ impl IamCertServ {
}
}

/// 通过关联id获取所有相关三方凭证
pub async fn find_3th_kind_cert_by_rel_rbum_id(
rel_rbum_id: &str,
supplier: Option<Vec<String>>,
show_sk: bool,
funs: &TardisFunsInst,
ctx: &TardisContext,
) -> TardisResult<Vec<RbumCertSummaryWithSkResp>> {
let mut find_cert = vec![];
let query_cert = RbumCertServ::find_detail_rbums(
&RbumCertFilterReq {
basic: RbumBasicFilterReq {
own_paths: Some("".to_string()),
with_sub_own_paths: true,
..Default::default()
},
status: Some(RbumCertStatusKind::Enabled),
kind: Some(IamCertExtKind::ThirdParty.to_string()),
suppliers: supplier,
rel_rbum_id: Some(rel_rbum_id.to_string()),
..Default::default()
},
None,
None,
funs,
ctx,
)
.await?;
for ext_cert in query_cert {
let encoded_sk = if show_sk {
let now_sk = RbumCertServ::show_sk(ext_cert.id.as_str(), &RbumCertFilterReq::default(), funs, ctx).await?;
encode_cert(&ext_cert.id, now_sk, ext_cert.sk_invisible)?
} else {
"".to_string()
};
find_cert.push(RbumCertSummaryWithSkResp {
id: ext_cert.id,
ak: ext_cert.ak,
sk: encoded_sk,
sk_invisible: ext_cert.sk_invisible,
ext: ext_cert.ext,
conn_uri: ext_cert.conn_uri,
start_time: ext_cert.start_time,
end_time: ext_cert.end_time,
status: ext_cert.status,
kind: ext_cert.kind,
supplier: ext_cert.supplier,
rel_rbum_cert_conf_id: ext_cert.rel_rbum_cert_conf_id,
rel_rbum_cert_conf_name: ext_cert.rel_rbum_cert_conf_name,
rel_rbum_kind: ext_cert.rel_rbum_kind,
rel_rbum_id: ext_cert.rel_rbum_id,
own_paths: ext_cert.own_paths,
owner: ext_cert.owner,
create_time: ext_cert.create_time,
update_time: ext_cert.update_time,
});
}
Ok(find_cert)
}

pub async fn paginate_certs(
filter: &RbumCertFilterReq,
page_number: u32,
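Review bot: In `find_3th_kind_cert_by_rel_rbum_id` the filter is built with `own_paths: Some("".to_string())` and `with_sub_own_paths: true`, which reads as a lookup across every tenant path rather than the caller's, and with `show_sk` set the function returns each match's `sk` via `RbumCertServ::show_sk` and `encode_cert`. Nothing in the function ties `rel_rbum_id` to `ctx`, so authorization has to happen in every caller; if the global scope is intentional, state it in the doc comment, e.g. `/// Searches all own_paths (not limited to ctx); callers must authorize rel_rbum_id before passing show_sk = true.` The same concern applies to `modify_3th_kind_cert`, which resolves the cert from the request's `rel_rbum_id` and `supplier` and overwrites `ak`/`sk` with no ownership check visible here (the lookup helper `get_3th_kind_cert_by_rel_rbum_id` is outside this page). The doc comment on the new function is Chinese-only; an English line alongside it would match the bilingual comments used in the API layer.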
46 changes: 37 additions & 9 deletions backend/supports/iam/src/console_interface/api/iam_ci_cert_api.rs
@@ -2,7 +2,7 @@ use std::collections::HashMap;

use crate::basic::dto::iam_account_dto::IamAccountExtSysResp;
use crate::basic::dto::iam_cert_conf_dto::IamCertConfLdapResp;
use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp, IamCertDecodeRequest, IamOauth2AkSkResp, IamThirdPartyCertExtAddReq};
use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp, IamCertDecodeRequest, IamOauth2AkSkResp, IamThirdPartyCertExtAddReq, IamThirdPartyCertExtModifyReq};
use crate::basic::serv::iam_account_serv::IamAccountServ;
use crate::basic::serv::iam_cert_ldap_serv::IamCertLdapServ;
use crate::basic::serv::iam_cert_serv::IamCertServ;
@@ -164,24 +164,52 @@ impl IamCiCertApi {
/// Add Third-kind Cert
///
/// 添加第三方证书
#[oai(path = "/third-kind", method = "post")]
async fn add_third_cert(&self, mut add_req: Json<IamThirdPartyCertExtAddReq>, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult<Void> {
let mut funs = iam_constants::get_tardis_inst();
check_without_owner_and_unsafe_fill_ctx(request, &funs, &mut ctx.0)?;
try_set_real_ip_from_req_to_ctx(request, &ctx.0).await?;
funs.begin().await?;
IamCertServ::add_3th_kind_cert(&mut add_req.0, &funs, &ctx.0).await?;
funs.commit().await?;
ctx.0.execute_task().await?;
TardisResp::ok(Void {})
}

/// modify Third-kind Cert
///
/// 修改第三方证书
#[oai(path = "/third-kind", method = "put")]
async fn add_third_cert(
&self,
account_id: Query<String>,
mut add_req: Json<IamThirdPartyCertExtAddReq>,
mut ctx: TardisContextExtractor,
request: &Request,
) -> TardisApiResult<Void> {
async fn modify_third_cert(&self, mut modify_req: Json<IamThirdPartyCertExtModifyReq>, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult<Void> {
let mut funs = iam_constants::get_tardis_inst();
check_without_owner_and_unsafe_fill_ctx(request, &funs, &mut ctx.0)?;
try_set_real_ip_from_req_to_ctx(request, &ctx.0).await?;
funs.begin().await?;
IamCertServ::add_3th_kind_cert(&mut add_req.0, &account_id.0, &funs, &ctx.0).await?;
IamCertServ::modify_3th_kind_cert(&mut modify_req.0, &funs, &ctx.0).await?;
funs.commit().await?;
ctx.0.execute_task().await?;
TardisResp::ok(Void {})
}

/// find Third-kind Certs By Account Id
///
/// 根据账号id获取第三方证书
#[oai(path = "/find/third-kind", method = "get")]
async fn find_third_cert(
&self,
account_id: Query<String>,
supplier: Query<String>,
mut ctx: TardisContextExtractor,
request: &Request,
) -> TardisApiResult<Vec<RbumCertSummaryWithSkResp>> {
let funs = iam_constants::get_tardis_inst();
check_without_owner_and_unsafe_fill_ctx(request, &funs, &mut ctx.0)?;
try_set_real_ip_from_req_to_ctx(request, &ctx.0).await?;
let rbum_cert = IamCertServ::find_3th_kind_cert_by_rel_rbum_id(&account_id.0, Some(vec![supplier.0]), true, &funs, &ctx.0).await?;
ctx.0.execute_task().await?;
TardisResp::ok(rbum_cert)
}

/// Get Third-kind Certs By Account Id
///
/// 根据账号id获取第三方证书
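Review bot: `find_third_cert` hard-codes `true` for `show_sk`, so `GET /find/third-kind` returns the `sk` (as produced by `encode_cert`, whose protection is not visible here) of every enabled third-party cert for whatever `account_id` the caller puts in the query string. The only gate visible in the handler is `check_without_owner_and_unsafe_fill_ctx`, whose name suggests the context is filled without an owner check (its body is outside this page), so confirm this interface is reachable only by trusted services. If not every consumer needs the secret, pass `false` here and expose `sk` through a narrower call; otherwise say so in the doc comment, e.g. `/// Returns the cert secret (sk) for the given account and supplier; trusted console-interface callers only.` Separately, `PUT /third-kind` now routes to `modify_third_cert` while add is served on `POST`; if add was previously on `PUT` (the old signature is printed under that attribute), existing clients need to change together with this commit.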
2 changes: 1 addition & 1 deletion backend/supports/iam/tests/test_cc_cert.rs
@@ -174,8 +174,8 @@ async fn test_single_level(context: &TardisContext, ak: &str, another_context: &
supplier: Some("gitlab".to_string()),
sk: Some("ssssssssss".to_string()),
ext: None,
rel_rbum_id: account_info.account_id.clone(),
},
&account_info.account_id,
&funs,
context,
)