feat: multi publicKey access control

Xuxin Wang 2023-11-22 16:30:56 +08:00
parent 3fce2450fd
commit 8619858f05


@ -10,14 +10,15 @@ module DOAuth {
Global.owner = req; Global.owner = req;
Global.doipFunctions = doipFunctions; Global.doipFunctions = doipFunctions;
Global.accessInfo = RocksDBUtil.loadDB("accessControl", "false"); Global.accessInfo = RocksDBUtil.loadDB("accessControl", "false");
Global.userInfo = RocksDBUtil.loadDB("authedUserInfo", "false");
Global.nodeInfo = RocksDBUtil.loadDB("authedNodeInfo", "false");
} }
function isOwner(req) { function isOwner(req) {
return req == Global.owner; return req == Global.owner;
} }
function doipAccessCheck(argPack) { function doipAccessCheck(argPack) {
print("in doipAcceccCheck, requester:" + argPack.requester); print("in doipAcceccCheck, requester:" + argPack.requester);
var stored = Global.accessInfo.get(argPack.arg.header.identifier); return hasDBSetItem(Global.accessInfo, argPack.arg.header.identifier, argPack.requester);
return stored == argPack.requester;
} }
function checkByManager(action) { function checkByManager(action) {
return Global.doipFunctions.indexOf(action) == - 1; return Global.doipFunctions.indexOf(action) == - 1;
@ -25,11 +26,14 @@ module DOAuth {
@Description("针对某一DO添加用户的访问权限") @Description("针对某一DO添加用户的访问权限")
@ArgSchema({ @ArgSchema({
"doId" : "string", "publicKey" : "string" "doId" : "string", "publicKey" : "string", "info": "string"
}) })
export function addAuthedUser(arg) { export function addAuthedUser(arg) {
//把requester和 arg.doId放到accessInfo里即可。 //把requester和 arg.doId放到accessInfo里即可。
Global.accessInfo.put(arg.doId, arg.publicKey); addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
if(arg.info != null) {
Global.userInfo.put(arg.publicKey, arg.info);
}
return { return {
"code" : 0 "code" : 0
}; };
@ -56,6 +60,7 @@ module DOAuth {
"doId" : "string", "publicKey" : "string" "doId" : "string", "publicKey" : "string"
}) })
export function deleteAuthedUser(arg) { export function deleteAuthedUser(arg) {
deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
return { return {
"code" : 0 "code" : 0
}; };
@ -63,9 +68,13 @@ module DOAuth {
@Description("针对某一DO添加节点的访问权限所有调用进带该节点授权的用户均可访问") @Description("针对某一DO添加节点的访问权限所有调用进带该节点授权的用户均可访问")
@ArgSchema({ @ArgSchema({
"doId" : "string", "publicKey" : "string" "doId" : "string", "publicKey" : "string", "info" : "string"
}) })
export function addAuthedNode(arg) { export function addAuthedNode(arg) {
addDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
if(arg.info != null) {
Global.nodeInfo.put(arg.publicKey, arg.info);
}
return { return {
"code" : 0 "code" : 0
}; };
@ -77,8 +86,41 @@ module DOAuth {
"doId" : "string", "publicKey" : "string" "doId" : "string", "publicKey" : "string"
}) })
export function deleteAuthedNode(arg) { export function deleteAuthedNode(arg) {
deleteDBSetItem(Global.accessInfo, arg.doId, arg.publicKey);
return { return {
"code" : 0 "code" : 0
}; };
} }
function getDBSet(db, key) {
var saved = db.get(key);
if (saved == null) {
saved = "[]";
}
return JSON.parse(saved);
}
function addDBSetItem(db, key, value) {
var savedSet = getDBSet(db, key);
if (savedSet.indexOf(value) === -1) {
savedSet.push(value);
var saved = JSON.stringify(savedSet);
db.put(key, saved);
}
}
function deleteDBSetItem(db, key, value) {
var savedSet = getDBSet(db, key);
var index = savedSet.indexOf(value);
if (index !== -1) {
savedSet.splice(index, 1);
var saved = JSON.stringify(savedSet);
db.put(key, saved);
}
}
function hasDBSetItem(db, key, value) {
var savedSet = getDBSet(db, key);
return savedSet.indexOf(value) !== -1;
}
} }
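Review bot: getDBSet hands the stored value straight to `JSON.parse`, but the line this commit replaces in addAuthedUser appears to have written the raw public key (`Global.accessInfo.put(arg.doId, arg.publicKey)`), so entries already in the accessControl database would not be JSON arrays. For such an entry doipAccessCheck would presumably throw inside hasDBSetItem, or call `indexOf` on a non-array, instead of returning a decision. addDBSetItem and deleteDBSetItem would fail the same way, which means an old grant could not be revoked through deleteAuthedUser. I would have getDBSet treat an unparsable or non-array value as a one-element set holding the legacy key, as sketched below, or run a one-off migration of the database before this is deployed.

```javascript
function getDBSet(db, key) {
    var saved = db.get(key);
    if (saved == null) {
        return [];
    }
    var parsed;
    try {
        parsed = JSON.parse(saved);
    } catch (e) {
        // Entry written before the set format existed: a single raw public key.
        return [saved];
    }
    // A value that parses but is not an array is also a legacy single key.
    return Array.isArray(parsed) ? parsed : [saved];
}
```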