JointCloud
/
JCS-pub
Not watched
1
0
Fork 0
Code
Releases 0 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
925 Commits
3 Branches
118 MB
1 Download
Tree: 3d2499ebad
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3d2499ebad'
${ noResults }
JCS-pub/coordinator/internal/rpc/user.go

user.go 6.9 kB
Raw Normal View History

增加服务鉴权机制
5 months ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227 
  1. package rpc

  2. 

  3. import (

  4. 	"context"

  5. 	"crypto/ed25519"

  6. 	"encoding/hex"

  7. 	"fmt"

  8. 	"time"

  9. 

  10. 	"github.com/google/uuid"

  11. 	"gitlink.org.cn/cloudream/common/consts/errorcode"

  12. 	"gitlink.org.cn/cloudream/common/pkgs/logger"

  13. 	stgglb "gitlink.org.cn/cloudream/jcs-pub/common/globals"

  14. 	"gitlink.org.cn/cloudream/jcs-pub/common/pkgs/accesstoken"

  15. 	"gitlink.org.cn/cloudream/jcs-pub/common/pkgs/rpc"

  16. 	corrpc "gitlink.org.cn/cloudream/jcs-pub/common/pkgs/rpc/coordinator"

  17. 	hubrpc "gitlink.org.cn/cloudream/jcs-pub/common/pkgs/rpc/hub"

  18. 	"gitlink.org.cn/cloudream/jcs-pub/coordinator/internal/db"

  19. 	cortypes "gitlink.org.cn/cloudream/jcs-pub/coordinator/types"

  20. 	"golang.org/x/crypto/bcrypt"

  21. 	"gorm.io/gorm"

  22. )

  23. 

  24. func (svc *Service) UserLogin(ctx context.Context, msg *corrpc.UserLogin) (*corrpc.UserLoginResp, *rpc.CodeError) {

  25. 	log := logger.WithField("Account", msg.Account)

  26. 

  27. 	user, err := svc.db.User().GetByAccount(svc.db.DefCtx(), msg.Account)

  28. 	if err != nil {

  29. 		if err == gorm.ErrRecordNotFound {

  30. 			log.Warnf("account not found")

  31. 			return nil, rpc.Failed(errorcode.DataNotFound, "account not found")

  32. 		}

  33. 

  34. 		log.Warnf("getting account: %v", err)

  35. 		return nil, rpc.Failed(errorcode.OperationFailed, "getting account: %v", err)

  36. 	}

  37. 

  38. 	dbPass, err := hex.DecodeString(user.Password)

  39. 	if err != nil {

  40. 		log.Warnf("decoding password: %v", err)

  41. 		return nil, rpc.Failed(errorcode.OperationFailed, "decoding password: %v", err)

  42. 	}

  43. 

  44. 	if bcrypt.CompareHashAndPassword(dbPass, []byte(msg.Password)) != nil {

  45. 		log.Warnf("password not match")

  46. 		return nil, rpc.Failed(errorcode.Unauthorized, "password not match")

  47. 	}

  48. 

  49. 	pubKey, priKey, err := ed25519.GenerateKey(nil)

  50. 	if err != nil {

  51. 		log.Warnf("generating key: %v", err)

  52. 		return nil, rpc.Failed(errorcode.OperationFailed, "generating key: %v", err)

  53. 	}

  54. 

  55. 	pubKeyStr := hex.EncodeToString(pubKey)

  56. 	nowTime := time.Now()

  57. 	token := cortypes.UserAccessToken{

  58. 		UserID:    user.UserID,

  59. 		TokenID:   cortypes.AccessTokenID(uuid.NewString()),

  60. 		PublicKey: pubKeyStr,

  61. 		ExpiresAt: nowTime.Add(time.Hour),

  62. 		CreatedAt: nowTime,

  63. 	}

  64. 

  65. 	err = svc.db.UserAccessToken().Create(svc.db.DefCtx(), &token)

  66. 	if err != nil {

  67. 		log.Warnf("creating token: %v", err)

  68. 		return nil, rpc.Failed(errorcode.OperationFailed, "creating token: %v", err)

  69. 	}

  70. 

  71. 	log.Infof("login success, token expires at %v", token.ExpiresAt)

  72. 

  73. 	return &corrpc.UserLoginResp{

  74. 		Token:      token,

  75. 		PrivateKey: hex.EncodeToString(priKey),

  76. 	}, nil

  77. }

  78. 

  79. func (svc *Service) UserRefreshToken(ctx context.Context, msg *corrpc.UserRefreshToken) (*corrpc.UserRefreshTokenResp, *rpc.CodeError) {

  80. 	authInfo, ok := rpc.GetAuthInfo(ctx)

  81. 	if !ok {

  82. 		return nil, rpc.Failed(errorcode.Unauthorized, "unauthorized")

  83. 	}

  84. 

  85. 	log := logger.WithField("UserID", authInfo.UserID).WithField("TokenID", authInfo.AccessTokenID)

  86. 

  87. 	pubKey, priKey, err := ed25519.GenerateKey(nil)

  88. 	if err != nil {

  89. 		log.Warnf("generating key: %v", err)

  90. 		return nil, rpc.Failed(errorcode.OperationFailed, "generating key: %v", err)

  91. 	}

  92. 

  93. 	pubKeyStr := hex.EncodeToString(pubKey)

  94. 	nowTime := time.Now()

  95. 	token := cortypes.UserAccessToken{

  96. 		UserID:    authInfo.UserID,

  97. 		TokenID:   cortypes.AccessTokenID(uuid.NewString()),

  98. 		PublicKey: pubKeyStr,

  99. 		ExpiresAt: nowTime.Add(time.Hour),

  100. 		CreatedAt: nowTime,

  101. 	}

  102. 

  103. 	err = svc.db.UserAccessToken().Create(svc.db.DefCtx(), &token)

  104. 	if err != nil {

  105. 		log.Warnf("creating token: %v", err)

  106. 		return nil, rpc.Failed(errorcode.OperationFailed, "creating token: %v", err)

  107. 	}

  108. 

  109. 	log.Infof("refresh token success, new token expires at %v", token.ExpiresAt)

  110. 

  111. 	return &corrpc.UserRefreshTokenResp{

  112. 		Token:      token,

  113. 		PrivateKey: hex.EncodeToString(priKey),

  114. 	}, nil

  115. }

  116. 

  117. func (svc *Service) UserLogout(ctx context.Context, msg *corrpc.UserLogout) (*corrpc.UserLogoutResp, *rpc.CodeError) {

  118. 	authInfo, ok := rpc.GetAuthInfo(ctx)

  119. 	if !ok {

  120. 		return nil, rpc.Failed(errorcode.Unauthorized, "unauthorized")

  121. 	}

  122. 

  123. 	log := logger.WithField("UserID", authInfo.UserID).WithField("TokenID", authInfo.AccessTokenID)

  124. 

  125. 	loaded, err := db.DoTx02(svc.db, func(tx db.SQLContext) ([]cortypes.LoadedAccessToken, error) {

  126. 		token, err := svc.db.UserAccessToken().GetByID(tx, authInfo.UserID, authInfo.AccessTokenID)

  127. 		if err != nil {

  128. 			return nil, err

  129. 		}

  130. 

  131. 		err = svc.db.UserAccessToken().DeleteByID(tx, token.UserID, token.TokenID)

  132. 		if err != nil {

  133. 			return nil, err

  134. 		}

  135. 

  136. 		loaded, err := svc.db.LoadedAccessToken().GetByUserIDAndTokenID(tx, token.UserID, token.TokenID)

  137. 		if err != nil {

  138. 			return nil, err

  139. 		}

  140. 

  141. 		err = svc.db.LoadedAccessToken().DeleteAllByUserIDAndTokenID(tx, token.UserID, token.TokenID)

  142. 		if err != nil {

  143. 			return nil, err

  144. 		}

  145. 

  146. 		return loaded, nil

  147. 	})

  148. 	if err != nil {

  149. 		log.Warnf("delete access token: %v", err)

  150. 		if err == gorm.ErrRecordNotFound {

  151. 			return nil, rpc.Failed(errorcode.DataNotFound, "token not found")

  152. 		}

  153. 

  154. 		return nil, rpc.Failed(errorcode.OperationFailed, "delete access token: %v", err)

  155. 	}

  156. 

  157. 	svc.accessToken.NotifyTokenInvalid(accesstoken.CacheKey{

  158. 		UserID:  authInfo.UserID,

  159. 		TokenID: authInfo.AccessTokenID,

  160. 	})

  161. 

  162. 	var loadedHubIDs []cortypes.HubID

  163. 	for _, l := range loaded {

  164. 		loadedHubIDs = append(loadedHubIDs, l.HubID)

  165. 	}

  166. 

  167. 	svc.notifyLoadedHubs(authInfo.UserID, authInfo.AccessTokenID, loadedHubIDs)

  168. 

  169. 	return &corrpc.UserLogoutResp{}, nil

  170. }

  171. 

  172. func (svc *Service) notifyLoadedHubs(userID cortypes.UserID, tokenID cortypes.AccessTokenID, loadedHubIDs []cortypes.HubID) {

  173. 	log := logger.WithField("UserID", userID).WithField("TokenID", tokenID)

  174. 

  175. 	loadedHubs, err := svc.db.Hub().BatchGetByID(svc.db.DefCtx(), loadedHubIDs)

  176. 	if err != nil {

  177. 		log.Warnf("getting hubs: %v", err)

  178. 		return

  179. 	}

  180. 

  181. 	for _, l := range loadedHubs {

  182. 		addr, ok := l.Address.(*cortypes.GRPCAddressInfo)

  183. 		if !ok {

  184. 			continue

  185. 		}

  186. 

  187. 		cli := stgglb.HubRPCPool.Get(addr.ExternalIP, addr.ExternalGRPCPort)

  188. 		// 不关心返回值

  189. 		cli.NotifyUserAccessTokenInvalid(context.Background(), &hubrpc.NotifyUserAccessTokenInvalid{

  190. 			UserID:  userID,

  191. 			TokenID: tokenID,

  192. 		})

  193. 		cli.Release()

  194. 	}

  195. }

  196. 

  197. func (svc *Service) HubLoadAccessToken(ctx context.Context, msg *corrpc.HubLoadAccessToken) (*corrpc.HubLoadAccessTokenResp, *rpc.CodeError) {

  198. 	token, err := db.DoTx02(svc.db, func(tx db.SQLContext) (cortypes.UserAccessToken, error) {

  199. 		token, err := svc.db.UserAccessToken().GetByID(tx, msg.UserID, msg.TokenID)

  200. 		if err != nil {

  201. 			return cortypes.UserAccessToken{}, err

  202. 		}

  203. 

  204. 		err = svc.db.LoadedAccessToken().CreateOrUpdate(tx, cortypes.LoadedAccessToken{

  205. 			UserID:   msg.UserID,

  206. 			TokenID:  msg.TokenID,

  207. 			HubID:    msg.HubID,

  208. 			LoadedAt: time.Now(),

  209. 		})

  210. 		if err != nil {

  211. 			return cortypes.UserAccessToken{}, fmt.Errorf("creating access token loaded record: %v", err)

  212. 		}

  213. 

  214. 		return token, nil

  215. 	})

  216. 	if err != nil {

  217. 		if err == gorm.ErrRecordNotFound {

  218. 			return nil, rpc.Failed(errorcode.DataNotFound, "token not found")

  219. 		}

  220. 

  221. 		return nil, rpc.Failed(errorcode.OperationFailed, "loading access token: %v", err)

  222. 	}

  223. 

  224. 	return &corrpc.HubLoadAccessTokenResp{

  225. 		Token: token,

  226. 	}, nil

  227. }

本项目旨在将云际存储公共基础设施化,使个人及企业可低门槛使用高效的云际存储服务(安装开箱即用云际存储客户端即可,无需关注其他组件的部署),同时支持用户灵活便捷定制云际存储的功能细节。