feat: multi publicKey access control

2023-11-22 16:30:56 +08:00 · 2023-11-22 16:30:56 +08:00 · 8619858f05
commit 8619858f05
parent 3fce2450fd
1 changed files with 47 additions and 5 deletions
--- a/access-control-template/actemplate/IODAC.yjs
+++ b/access-control-template/actemplate/IODAC.yjs
@ -10,14 +10,15 @@ module DOAuth {
        Global.owner = req;
        Global.doipFunctions = doipFunctions;
        Global.accessInfo = RocksDBUtil.loadDB("accessControl", "false");
+        Global.userInfo = RocksDBUtil.loadDB("authedUserInfo", "false");
+        Global.nodeInfo = RocksDBUtil.loadDB("authedNodeInfo", "false");
    }
    function isOwner(req) {
        return req == Global.owner;
    }
    function doipAccessCheck(argPack) {
        print("in doipAcceccCheck, requester:" + argPack.requester);
-        var stored = Global.accessInfo.get(argPack.arg.header.identifier);
-        return stored == argPack.requester;
+        return hasDBSetItem(Global.accessInfo, argPack.arg.header.identifier, argPack.requester);
    }
    function checkByManager(action) {
        return Global.doipFunctions.indexOf(action) == - 1;
@ -25,11 +26,14 @@ module DOAuth {

    @Description("针对某一DO，添加用户的访问权限")
    @ArgSchema({
-        "doId" : "string", "publicKey" : "string"
+        "doId" : "string", "publicKey" : "string", "info": "string"
    })
    export function addAuthedUser(arg) {
    //把requester和 arg.doId放到accessInfo里即可。
-        Global.accessInfo.put(arg.doId, arg.publicKey);
+        addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
+        if(arg.info != null) {
+            Global.userInfo.put(arg.publicKey, arg.info);
+        }
        return {
            "code" : 0
        };
@ -56,6 +60,7 @@ module DOAuth {
        "doId" : "string", "publicKey" : "string"
    })
    export function deleteAuthedUser(arg) {
+        deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
        return {
            "code" : 0
        };
@ -63,9 +68,13 @@ module DOAuth {

    @Description("针对某一DO，添加节点的访问权限，所有调用进带该节点授权的用户均可访问")
    @ArgSchema({
-        "doId" : "string", "publicKey" : "string"
+        "doId" : "string", "publicKey" : "string", "info" : "string"
    })
    export function addAuthedNode(arg) {
+        addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
+        if(arg.info != null) {
+            Global.nodeInfo.put(arg.publicKey, arg.info);
+        }
        return {
            "code" : 0
        };
@ -77,8 +86,41 @@ module DOAuth {
        "doId" : "string", "publicKey" : "string"
    })
    export function deleteAuthedNode(arg) {
+        deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
        return {
            "code" : 0
        };
    }
+
+    function getDBSet(db, key) {
+        var saved = db.get(key);
+        if (saved == null) {
+            saved = "[]";
+        }
+        return JSON.parse(saved);
+    }
+
+    function addDBSetItem(db, key, value) {
+        var savedSet = getDBSet(db, key);
+        if (savedSet.indexOf(value) === -1) {
+            savedSet.push(value);
+            var saved = JSON.stringify(savedSet);
+            db.put(key, saved);
+        }
+    }
+
+    function deleteDBSetItem(db, key, value) {
+        var savedSet = getDBSet(db, key);
+        var index = savedSet.indexOf(value);
+        if (index !== -1) {
+            savedSet.splice(index, 1);
+            var saved = JSON.stringify(savedSet);
+            db.put(key, saved);
+        }
+    }
+
+    function hasDBSetItem(db, key, value) {
+        var savedSet = getDBSet(db, key);
+        return savedSet.indexOf(value) !== -1;
+    }
 }