//访问控制规则:
//针对如果是DOIP请求的调用
//仅包括Repo.doipRetrive
//Registry的publish/subscribe不做访问控制
//如果是HTTP请求的调用
//管理员具有所有权限
//一些“写入接口”添加权限检查
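module DOAuth {
    // Stores the owner identity and the list of DOIP action names in Global,
    // and opens the "accessControl" store that holds per-DO grants.
    //   req           - identity recorded as the owner (compared against
    //                   argPack.requester in isOwner)
    //   createParam   - not used in this function
    //   doipFunctions - collection of action names that are checked per DO
    //                   instead of being owner-only (see checkByManager)
    // NOTE(review): the meaning of the second loadDB argument ("false") is not
    // visible here; confirm against RocksDBUtil.
    function initDOAuth(req, createParam, doipFunctions) {
        Global.owner = req;
        Global.doipFunctions = doipFunctions;
        Global.accessInfo = RocksDBUtil.loadDB("accessControl", "false");
    }

    // Returns true only when req is present and equals the recorded owner.
    function isOwner(req) {
        // Fail closed: with a bare loose comparison a missing requester
        // (null/undefined) would equal an owner that was never initialised.
        if (req == null || Global.owner == null) {
            return false;
        }
        // The loose operator is kept from the original because the value types
        // handed over by the host runtime are not visible in this file.
        return req == Global.owner;
    }

    // Per-DO check for DOIP calls: the requester must equal the key stored
    // under the DO identifier taken from argPack.arg.header.identifier.
    function doipAccessCheck(argPack) {
        print("in doipAcceccCheck, requester:" + argPack.requester);
        var stored = Global.accessInfo.get(argPack.arg.header.identifier);
        // Fail closed: a DO with no grant on record and a request without a
        // requester must not compare equal (null == undefined is true).
        if (stored == null || argPack.requester == null) {
            return false;
        }
        return stored == argPack.requester;
    }

    // Returns true when the action is NOT one of the registered DOIP
    // functions, i.e. when the call has to be authorised by the owner check.
    function checkByManager(action) {
        return Global.doipFunctions.indexOf(action) == -1;
    }

    // Grants access to a DO by storing arg.publicKey under arg.doId.
    // The original inline comment says the requester and arg.doId are stored;
    // the code stores arg.publicKey, not the requester.
    // put() keeps a single value per doId and doipAccessCheck compares against
    // that single value, so a second grant for the same DO replaces the first.
    // NOTE(review): this function performs no permission check of its own;
    // confirm that the runtime routes every call through acceptJudgement
    // before it reaches this write.
    @Description("针对某一DO,添加用户的访问权限")
    @ArgSchema({
        "doId" : "string", "publicKey" : "string"
    })
    export function addAuthedUser(arg) {
        Global.accessInfo.put(arg.doId, arg.publicKey);
        return {
            "code" : 0
        };
    }

    // Decides whether the call described by argPack is allowed:
    // actions outside the DOIP list require the owner, DOIP actions require
    // the per-DO grant.
    function acceptJudgementInternal(argPack) {
        if (checkByManager(argPack.action)) {
            return isOwner(argPack.requester);
        }
        return doipAccessCheck(argPack);
    }

    // Logs the decision and reports a 401 through YancloudUtil.exceptionReturn
    // when the call is denied. Returns nothing in either case.
    // NOTE(review): the denial is only effective if exceptionReturn aborts the
    // call (presumably by throwing); confirm against YancloudUtil.
    function acceptJudgement(argPack) {
        if (!acceptJudgementInternal(argPack)) {
            print("acceptJudgement, requester:" + argPack.requester + "false!!");
            YancloudUtil.exceptionReturn({
                "code" : 401, "msg" : "no permission: " + argPack.action
            });
        } else {
            print("acceptJudgement, requester:" + argPack.requester + "true!!");
        }
    }

    // Stub: returns code 0 without touching Global.accessInfo.
    // NOTE(review): a caller that uses this to revoke access gets a success
    // code while the entry written by addAuthedUser stays in place.
    @Description("针对某一DO,删除用户的访问权限")
    @ArgSchema({
        "doId" : "string", "publicKey" : "string"
    })
    export function deleteAuthedUser(arg) {
        return {
            "code" : 0
        };
    }

    // Stub: returns code 0 without recording any node grant.
    // NOTE(review): the success code does not reflect a stored grant.
    @Description("针对某一DO,添加节点的访问权限,所有调用进带该节点授权的用户均可访问")
    @ArgSchema({
        "doId" : "string", "publicKey" : "string"
    })
    export function addAuthedNode(arg) {
        return {
            "code" : 0
        };
    }

    // Stub: returns code 0 without removing any node grant.
    // NOTE(review): the success code does not reflect a revocation.
    @Description("针对某一DO,删除节点的访问权限")
    @ArgSchema({
        "doId" : "string", "publicKey" : "string"
    })
    export function deleteAuthedNode(arg) {
        return {
            "code" : 0
        };
    }
}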