import { app, assistantConfig } from '../app.ts';
import { authCache } from '@/module/cache/auth.ts';
import { logger } from '@/module/logger.ts';
/**
 * Resolves the user behind `token` through the configured query client
 * (a `post` with path `'user'`, key `'me'` and the token).
 *
 * @param token - the caller's token, forwarded verbatim to the upstream lookup.
 * @returns the raw upstream response; callers inspect `code`, `data` and
 *   `message` themselves.
 */
const getTokenUser = async (token: string) => {
  const payload = { path: 'user', key: 'me', token };
  return assistantConfig.query.post(payload);
};
/**
 * Cached variant of `getTokenUser`: serves the user from `authCache` when an
 * entry exists for `token`, otherwise performs the upstream lookup and caches
 * `data` only on a 200 response.
 *
 * NOTE(review): no expiry is visible here — if `authCache` has no TTL, a token
 * revoked upstream keeps resolving until the entry is evicted; confirm in the
 * cache module.
 *
 * @param token - the caller's token, also used as the cache key.
 * @returns `{ code: 200, data }` on a cache hit, otherwise the upstream response.
 */
export const getTokenUserCache = async (token: string) => {
  const cached = await authCache.get(token);
  if (cached) {
    return { code: 200, data: cached };
  }
  const fetched = await getTokenUser(token);
  const succeeded = fetched.code === 200;
  if (succeeded) {
    authCache.set(token, fetched.data);
  }
  return fetched;
};
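/**
 * Resolves the caller's user from `ctx.query.token`, stores `token` and
 * `tokenUser` on `ctx.state`, and optionally enforces admin membership.
 *
 * The first authenticated user (with a non-empty username) becomes the
 * bootstrap admin: `auth.username` is persisted via `assistantConfig.setConfig`.
 * Admin checks pass for that user or for anyone listed in `auth.admin`.
 *
 * @param ctx - request context (framework type, kept as `any` to match the
 *   existing callers); reads `ctx.query.token`, writes `ctx.state`.
 * @param isAdmin - when true, a 403 is returned unless the user is an admin.
 * @returns `{ code: 200, data: { tokenUser, token } }` on success, otherwise
 *   `{ code, message }` with 401 (no token), 403 (not an admin) or the
 *   upstream code from the user lookup.
 */
export const checkAuth = async (ctx: any, isAdmin = false) => {
  const config = assistantConfig.getConfig();
  const { auth = {} } = config;
  const token = ctx.query.token;
  // The token is a credential: log only the query keys and whether a token
  // was supplied, never its value (the original logged ctx.query and the
  // token verbatim at debug level).
  logger.debug('checkAuth', {
    queryKeys: Object.keys(ctx.query),
    hasToken: Boolean(token),
  });
  if (!token) {
    return {
      code: 401,
      message: '未登录',
    };
  }
  // 鉴权代理 — resolve the user, served from authCache when present and
  // cached on a 200 (same path getTokenUserCache already implements).
  const tokenUserRes = await getTokenUserCache(token);
  if (tokenUserRes.code !== 200) {
    return {
      code: tokenUserRes.code,
      // `?? ''` avoids a literal "undefined" suffix when upstream sends no message.
      message: '验证失败' + (tokenUserRes.message ?? ''),
    };
  }
  const tokenUser = tokenUserRes.data;
  ctx.state = {
    ...ctx.state,
    token,
    tokenUser,
  };
  const { username } = tokenUser;
  if (!auth.username && username) {
    // 初始管理员账号: trust-on-first-use — the first user with a real username
    // becomes the bootstrap admin. An empty username must never be persisted
    // here, otherwise no admin would ever be recorded.
    auth.username = username;
    assistantConfig.setConfig({ auth });
  }
  if (isAdmin) {
    const admins = config.auth?.admin || [];
    // Fail closed: a user without a username is never an admin. The previous
    // form skipped this whole check when auth.username was unset, which let a
    // username-less user through the admin route with code 200.
    const isCheckAdmin =
      Boolean(username) &&
      (auth.username === username || admins.includes(username));
    if (!isCheckAdmin) {
      return {
        code: 403,
        message: '非管理员用户',
      };
    }
  }
  return {
    code: 200,
    data: { tokenUser, token },
  };
};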
app
  .route({
    path: 'auth',
    rid: 'auth',
    description: '获取当前登录用户信息, 第一个登录的用户为管理员用户',
  })
  .define(async (ctx) => {
    // A token-less request that carries this app's own appId returns here
    // without running checkAuth.
    // NOTE(review): confirm ctx.appId cannot be set by the remote caller;
    // if it can, this is an unauthenticated path through the handler.
    const tokenMissing = !ctx.query?.token;
    const isSelfApp = ctx.appId === app.appId;
    if (tokenMissing && isSelfApp) {
      return;
    }
    // Any non-200 result is surfaced as an HTTP error with the same code.
    const { code, message } = await checkAuth(ctx);
    if (code !== 200) {
      ctx.throw(code, message);
    }
  })
  .addTo(app);
app
  .route({
    path: 'auth-admin',
    rid: 'auth-admin',
    description: '管理员鉴权, 获取用户信息,并验证是否为管理员。',
  })
  .define(async (ctx) => {
    // Same self-call shortcut as the 'auth' route: no token plus this app's
    // own appId returns before any check runs.
    // NOTE(review): confirm ctx.appId is not caller-controlled.
    const tokenMissing = !ctx.query?.token;
    const isSelfApp = ctx.appId === app.appId;
    if (tokenMissing && isSelfApp) {
      return;
    }
    // Flag the request as an admin check before resolving the user; checkAuth
    // with isAdmin=true returns 403 for non-admins.
    ctx.state.isAdmin = true;
    const { code, message } = await checkAuth(ctx, true);
    if (code !== 200) {
      ctx.throw(code, message);
    }
  })
  .addTo(app);