From 8619858f0505f694619171c2694348d1bfccf178 Mon Sep 17 00:00:00 2001
From: wangxuxin
Date: Wed, 22 Nov 2023 16:30:56 +0800
Subject: [PATCH] feat: multi publicKey access control
---
 access-control-template/actemplate/IODAC.yjs | 52 ++++++++++++++++++--
 1 file changed, 47 insertions(+), 5 deletions(-)
diff --git a/access-control-template/actemplate/IODAC.yjs b/access-control-template/actemplate/IODAC.yjs
index e2eefd5..3ab9715 100644
--- a/access-control-template/actemplate/IODAC.yjs
+++ b/access-control-template/actemplate/IODAC.yjs
@@ -10,14 +10,15 @@ module DOAuth {
 Global.owner = req;
 Global.doipFunctions = doipFunctions;
 Global.accessInfo = RocksDBUtil.loadDB("accessControl", "false");
+ Global.userInfo = RocksDBUtil.loadDB("authedUserInfo", "false");
+ Global.nodeInfo = RocksDBUtil.loadDB("authedNodeInfo", "false");
 }
 function isOwner(req) {
 return req == Global.owner;
 }
 function doipAccessCheck(argPack) {
 print("in doipAcceccCheck, requester:" + argPack.requester);
- var stored = Global.accessInfo.get(argPack.arg.header.identifier);
- return stored == argPack.requester;
+ return hasDBSetItem(Global.accessInfo, argPack.arg.header.identifier, argPack.requester);
 }
 function checkByManager(action) {
 return Global.doipFunctions.indexOf(action) == - 1;
@@ -25,11 +26,14 @@ module DOAuth {
 
 @Description("针对某一DO,添加用户的访问权限")
 @ArgSchema({
- "doId" : "string", "publicKey" : "string"
+ "doId" : "string", "publicKey" : "string", "info": "string"
 })
 export function addAuthedUser(arg) {
 //把requester和 arg.doId放到accessInfo里即可。
- Global.accessInfo.put(arg.doId, arg.publicKey);
+ addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
+ if(arg.info != null) {
+ Global.userInfo.put(arg.publicKey, arg.info);
+ }
 return {
 "code" : 0
 };
@@ -56,6 +60,7 @@ module DOAuth {
 "doId" : "string", "publicKey" : "string"
 })
 export function deleteAuthedUser(arg) {
+ deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
 return {
 "code" : 0
 };
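Review bot: doipAccessCheck in the first hunk (`@@ -10,14 +10,15 @@`) changes what an accessInfo value means, but nothing at the check says so. The removed lines compared one stored public key with `==`; the new line parses the stored value as a JSON array and requires the requester to be an element of it. I would add above the new return: `// accessInfo maps a DO identifier to a JSON array of authorised public keys; a missing entry denies access`. The function body starts and ends inside the hunk.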
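Review bot: In addAuthedUser (second hunk, `@@ -25,11 +26,14 @@`) the `info` text is stored under the public key alone, `Global.userInfo.put(arg.publicKey, arg.info)`, while the grant itself is per `doId`. A later grant of the same key on another DO overwrites the description everywhere, and deleteAuthedUser never removes it, so the record stops being reliable when someone reviews who was granted what. Keying it by both values, for instance `Global.userInfo.put(arg.doId + "/" + arg.publicKey, arg.info)`, and deleting that entry on revocation would keep it aligned with the grant. The same applies to `Global.nodeInfo` in addAuthedNode (`@@ -63,9 +68,13 @@`). No caller check is visible in this hunk; I assume the owner or manager gate is applied outside it.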
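Review bot: Revocation in deleteAuthedUser (third hunk, `@@ -56,6 +60,7 @@`) is a read-modify-write of the whole key list, because deleteDBSetItem reads the array, splices it and puts it back. If the runtime can execute two calls for the same `doId` at once, which the patch does not show, an add that read the list before the delete will write the revoked key back. I would at least state the assumption next to the call: `// relies on calls for one doId being serialised; a concurrent add could restore a revoked key`. deleteAuthedNode in the last hunk has the same shape. The closing brace of the function lies outside the hunk.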
@@ -63,9 +68,13 @@ module DOAuth {
 
 @Description("针对某一DO,添加节点的访问权限,所有调用进带该节点授权的用户均可访问")
 @ArgSchema({
- "doId" : "string", "publicKey" : "string"
+ "doId" : "string", "publicKey" : "string", "info" : "string"
 })
 export function addAuthedNode(arg) {
+ addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
+ if(arg.info != null) {
+ Global.nodeInfo.put(arg.publicKey, arg.info);
+ }
 return {
 "code" : 0
 };
@@ -77,8 +86,41 @@ module DOAuth {
 "doId" : "string", "publicKey" : "string"
 })
 export function deleteAuthedNode(arg) {
+ deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
 return {
 "code" : 0
 };
 }
+
+ function getDBSet(db, key) {
+ var saved = db.get(key);
+ if (saved == null) {
+ saved = "[]";
+ }
+ return JSON.parse(saved);
+ }
+
+ function addDBSetItem(db, key, value) {
+ var savedSet = getDBSet(db, key);
+ if (savedSet.indexOf(value) === -1) {
+ savedSet.push(value);
+ var saved = JSON.stringify(savedSet);
+ db.put(key, saved);
+ }
+ }
+
+ function deleteDBSetItem(db, key, value) {
+ var savedSet = getDBSet(db, key);
+ var index = savedSet.indexOf(value);
+ if (index !== -1) {
+ savedSet.splice(index, 1);
+ var saved = JSON.stringify(savedSet);
+ db.put(key, saved);
+ }
+ }
+
+ function hasDBSetItem(db, key, value) {
+ var savedSet = getDBSet(db, key);
+ return savedSet.indexOf(value) !== -1;
+ }
 }
\ No newline at end of file
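Review bot: addAuthedNode (`@@ -63,9 +68,13 @@`) puts the node key into the same `Global.accessInfo` list that addAuthedUser uses, and doipAccessCheck only tests `argPack.requester` against that list. As far as the patch shows, a node grant is therefore just another user grant: the behaviour promised in the @Description (callers carrying that node's authorisation get access) has no check behind it, and deleteAuthedUser can remove a node grant and vice versa. Keeping node grants in their own list, for instance `addDBSetItem(Global.accessInfo, "node:" + arg.doId, arg.publicKey)` with the matching delete and an explicit node branch in doipAccessCheck, would make the two kinds of grant separately revocable and auditable. If the node case is resolved somewhere outside this file, a comment saying where would be enough.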
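Review bot: getDBSet (last hunk, `@@ -77,8 +86,41 @@`) calls `JSON.parse` on whatever is stored, but entries written before this commit are a bare public key (`Global.accessInfo.put(arg.doId, arg.publicKey)` on the removed side of the second hunk), not a JSON array. On an upgraded database the parse will normally throw inside doipAccessCheck, and a value that parses to something other than an array leaves `indexOf` either missing or acting as a substring search instead of a membership test. I would make getDBSet return an array in every case and decide explicitly what a legacy value means. The sketch below keeps a legacy value as a one-element list; returning `[]` there is the stricter choice if old grants should be re-issued.

```javascript
function getDBSet(db, key) {
    var saved = db.get(key);
    if (saved == null) {
        return [];
    }
    var parsed;
    try {
        parsed = JSON.parse(saved);
    } catch (e) {
        // entry written before this patch: a single bare public key
        return [String(saved)];
    }
    // a non-array value is never searched with String.indexOf
    return Array.isArray(parsed) ? parsed : [String(saved)];
}
```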