540 lines
11 KiB
Go
540 lines
11 KiB
Go
package models
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/toolkits/pkg/logger"
|
|
"github.com/toolkits/pkg/str"
|
|
"xorm.io/builder"
|
|
|
|
"github.com/didi/nightingale/v5/pkg/ierr"
|
|
)
|
|
|
|
type User struct {
|
|
Id int64 `json:"id"`
|
|
Username string `json:"username"`
|
|
Nickname string `json:"nickname"`
|
|
Password string `json:"-"`
|
|
Phone string `json:"phone"`
|
|
Email string `json:"email"`
|
|
Portrait string `json:"portrait"`
|
|
Status int `json:"status"`
|
|
RolesForDB string `json:"-" xorm:"'roles'"` // 这个字段写入数据库
|
|
RolesForFE []string `json:"roles" xorm:"-"` // 这个字段和前端交互
|
|
Contacts json.RawMessage `json:"contacts"` // 内容为 map[string]string 结构
|
|
CreateAt int64 `json:"create_at"`
|
|
CreateBy string `json:"create_by"`
|
|
UpdateAt int64 `json:"update_at"`
|
|
UpdateBy string `json:"update_by"`
|
|
}
|
|
|
|
func (u *User) TableName() string {
|
|
return "user"
|
|
}
|
|
|
|
func (u *User) Validate() error {
|
|
u.Username = strings.TrimSpace(u.Username)
|
|
|
|
if u.Username == "" {
|
|
return _e("Username is blank")
|
|
}
|
|
|
|
if str.Dangerous(u.Username) {
|
|
return _e("Username has invalid characters")
|
|
}
|
|
|
|
if str.Dangerous(u.Nickname) {
|
|
return _e("Nickname has invalid characters")
|
|
}
|
|
|
|
if u.Phone != "" && !str.IsPhone(u.Phone) {
|
|
return _e("Phone invalid")
|
|
}
|
|
|
|
if u.Email != "" && !str.IsMail(u.Email) {
|
|
return _e("Email invalid")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (u *User) Update(cols ...string) error {
|
|
if err := u.Validate(); err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err := DB.Where("id=?", u.Id).Cols(cols...).Update(u)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: update user fail: %v", err)
|
|
return internalServerError
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (u *User) Add() error {
|
|
num, err := DB.Where("username=?", u.Username).Count(new(User))
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: count user(%s) fail: %v", u.Username, err)
|
|
return internalServerError
|
|
}
|
|
|
|
if num > 0 {
|
|
return _e("Username %s already exists", u.Username)
|
|
}
|
|
|
|
return DBInsertOne(u)
|
|
}
|
|
|
|
func InitRoot() {
|
|
var u User
|
|
has, err := DB.Where("username=?", "root").Get(&u)
|
|
if err != nil {
|
|
fmt.Println("fatal: cannot query user root,", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
if has {
|
|
return
|
|
}
|
|
|
|
pass, err := CryptoPass("root.2020")
|
|
if err != nil {
|
|
fmt.Println("fatal: cannot crypto password,", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
now := time.Now().Unix()
|
|
|
|
u = User{
|
|
Username: "root",
|
|
Password: pass,
|
|
Nickname: "超管",
|
|
Portrait: "",
|
|
RolesForDB: "Admin",
|
|
Contacts: []byte("{}"),
|
|
CreateAt: now,
|
|
UpdateAt: now,
|
|
CreateBy: "system",
|
|
UpdateBy: "system",
|
|
}
|
|
|
|
_, err = DB.Insert(u)
|
|
if err != nil {
|
|
fmt.Println("fatal: cannot insert user root", err)
|
|
os.Exit(1)
|
|
}
|
|
|
|
fmt.Println("user root init done")
|
|
}
|
|
|
|
func UserGetByUsername(username string) (*User, error) {
|
|
return UserGet("username=?", username)
|
|
}
|
|
|
|
func UserGetById(id int64) (*User, error) {
|
|
return UserGet("id=?", id)
|
|
}
|
|
|
|
func UserGet(where string, args ...interface{}) (*User, error) {
|
|
var obj User
|
|
has, err := DB.Where(where, args...).Get(&obj)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: query user(%s)%+v fail: %s", where, args, err)
|
|
return nil, internalServerError
|
|
}
|
|
|
|
if !has {
|
|
return nil, nil
|
|
}
|
|
|
|
obj.RolesForFE = strings.Fields(obj.RolesForDB)
|
|
|
|
return &obj, nil
|
|
}
|
|
|
|
func UserTotal(query string) (num int64, err error) {
|
|
if query != "" {
|
|
q := "%" + query + "%"
|
|
num, err = DB.Where("username like ? or nickname like ? or phone like ? or email like ?", q, q, q, q).Count(new(User))
|
|
} else {
|
|
num, err = DB.Count(new(User))
|
|
}
|
|
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: count user(query: %s) fail: %v", query, err)
|
|
return num, internalServerError
|
|
}
|
|
|
|
return num, nil
|
|
}
|
|
|
|
func UserGets(query string, limit, offset int) ([]User, error) {
|
|
session := DB.Limit(limit, offset).OrderBy("username")
|
|
if query != "" {
|
|
q := "%" + query + "%"
|
|
session = session.Where("username like ? or nickname like ? or phone like ? or email like ?", q, q, q, q)
|
|
}
|
|
|
|
var users []User
|
|
err := session.Find(&users)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: select user(query: %s) fail: %v", query, err)
|
|
return users, internalServerError
|
|
}
|
|
|
|
if len(users) == 0 {
|
|
return []User{}, nil
|
|
}
|
|
|
|
for i := 0; i < len(users); i++ {
|
|
users[i].RolesForFE = strings.Fields(users[i].RolesForDB)
|
|
}
|
|
|
|
return users, nil
|
|
}
|
|
|
|
func UserGetAll() ([]User, error) {
|
|
var users []User
|
|
|
|
err := DB.Find(&users)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: select user fail: %v", err)
|
|
return users, internalServerError
|
|
}
|
|
|
|
if len(users) == 0 {
|
|
return []User{}, nil
|
|
}
|
|
|
|
for i := 0; i < len(users); i++ {
|
|
users[i].RolesForFE = strings.Fields(users[i].RolesForDB)
|
|
}
|
|
|
|
return users, nil
|
|
}
|
|
|
|
func UserGetsByIds(ids []int64) ([]User, error) {
|
|
if len(ids) == 0 {
|
|
return []User{}, nil
|
|
}
|
|
|
|
var users []User
|
|
err := DB.In("id", ids).OrderBy("username").Find(&users)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: query users by ids fail: %v", err)
|
|
return users, internalServerError
|
|
}
|
|
|
|
if len(users) == 0 {
|
|
return []User{}, nil
|
|
}
|
|
|
|
for i := 0; i < len(users); i++ {
|
|
users[i].RolesForFE = strings.Fields(users[i].RolesForDB)
|
|
}
|
|
|
|
return users, nil
|
|
}
|
|
|
|
func UserGetsByIdsStr(ids []string) ([]User, error) {
|
|
var users []User
|
|
|
|
err := DB.Where("id in (" + strings.Join(ids, ",") + ")").Find(&users)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: UserGetsByIds fail: %v", err)
|
|
return nil, internalServerError
|
|
}
|
|
|
|
if len(users) == 0 {
|
|
return []User{}, nil
|
|
}
|
|
|
|
for i := 0; i < len(users); i++ {
|
|
users[i].RolesForFE = strings.Fields(users[i].RolesForDB)
|
|
}
|
|
|
|
return users, nil
|
|
}
|
|
|
|
func PassLogin(username, pass string) (*User, error) {
|
|
user, err := UserGetByUsername(username)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if user == nil {
|
|
logger.Infof("password auth fail, no such user: %s", username)
|
|
return nil, loginFailError
|
|
}
|
|
|
|
loginPass, err := CryptoPass(pass)
|
|
if err != nil {
|
|
return nil, internalServerError
|
|
}
|
|
|
|
if loginPass != user.Password {
|
|
logger.Infof("password auth fail, password error, user: %s", username)
|
|
return nil, loginFailError
|
|
}
|
|
|
|
return user, nil
|
|
}
|
|
|
|
func LdapLogin(username, pass string) (*User, error) {
|
|
sr, err := ldapReq(username, pass)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
user, err := UserGetByUsername(username)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if user == nil {
|
|
// default user settings
|
|
user = &User{
|
|
Username: username,
|
|
Nickname: username,
|
|
}
|
|
}
|
|
|
|
// copy attributes from ldap
|
|
attrs := LDAP.Attributes
|
|
if attrs.Nickname != "" {
|
|
user.Nickname = sr.Entries[0].GetAttributeValue(attrs.Nickname)
|
|
}
|
|
if attrs.Email != "" {
|
|
user.Email = sr.Entries[0].GetAttributeValue(attrs.Email)
|
|
}
|
|
if attrs.Phone != "" {
|
|
user.Phone = sr.Entries[0].GetAttributeValue(attrs.Phone)
|
|
}
|
|
|
|
if user.Id > 0 {
|
|
if LDAP.CoverAttributes {
|
|
_, err := DB.Where("id=?", user.Id).Update(user)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: update user %+v fail: %v", user, err)
|
|
return nil, internalServerError
|
|
}
|
|
}
|
|
return user, nil
|
|
}
|
|
|
|
now := time.Now().Unix()
|
|
|
|
user.Password = "******"
|
|
user.Portrait = "/img/linux.jpeg"
|
|
user.RolesForDB = "Standard"
|
|
user.RolesForFE = []string{"Standard"}
|
|
user.Contacts = []byte("{}")
|
|
user.CreateAt = now
|
|
user.UpdateAt = now
|
|
user.CreateBy = "ldap"
|
|
user.UpdateBy = "ldap"
|
|
|
|
err = DBInsertOne(user)
|
|
return user, err
|
|
}
|
|
|
|
func (u *User) ChangePassword(oldpass, newpass string) error {
|
|
_oldpass, err := CryptoPass(oldpass)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_newpass, err := CryptoPass(newpass)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if u.Password != _oldpass {
|
|
return _e("Incorrect old password")
|
|
}
|
|
|
|
u.Password = _newpass
|
|
return u.Update("password")
|
|
}
|
|
|
|
func (u *User) _del() error {
|
|
session := DB.NewSession()
|
|
defer session.Close()
|
|
|
|
if err := session.Begin(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := session.Exec("DELETE FROM user_token WHERE user_id=?", u.Id); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := session.Exec("DELETE FROM user_group_member WHERE user_id=?", u.Id); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := session.Exec("DELETE FROM classpath_favorite WHERE user_id=?", u.Id); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := session.Exec("DELETE FROM alert_rule_group_favorite WHERE user_id=?", u.Id); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := session.Exec("DELETE FROM user WHERE id=?", u.Id); err != nil {
|
|
return err
|
|
}
|
|
|
|
return session.Commit()
|
|
}
|
|
|
|
func (u *User) Del() error {
|
|
err := u._del()
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: delete user(%d, %s) fail: %v", u.Id, u.Username, err)
|
|
return internalServerError
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (u *User) FavoriteClasspathIds() ([]int64, error) {
|
|
return ClasspathFavoriteGetClasspathIds(u.Id)
|
|
}
|
|
|
|
func (u *User) FavoriteAlertRuleGroupIds() ([]int64, error) {
|
|
return AlertRuleGroupFavoriteGetGroupIds(u.Id)
|
|
}
|
|
|
|
func (u *User) FavoriteDashboardIds() ([]int64, error) {
|
|
return DashboardFavoriteGetDashboardIds(u.Id)
|
|
}
|
|
|
|
// UserGroupIds 我是成员的用户组ID列表
|
|
func (u *User) UserGroupIds() ([]int64, error) {
|
|
var ids []int64
|
|
err := DB.Table(new(UserGroupMember)).Select("group_id").Where("user_id=?", u.Id).Find(&ids)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: query user_group_member fail: %v", err)
|
|
return ids, internalServerError
|
|
}
|
|
|
|
return ids, nil
|
|
}
|
|
|
|
func (u *User) FavoriteClasspaths() ([]Classpath, error) {
|
|
ids, err := u.FavoriteClasspathIds()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var objs []Classpath
|
|
err = DB.In("id", ids).OrderBy("path").Find(&objs)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: query my classpath fail: %v", err)
|
|
return nil, internalServerError
|
|
}
|
|
|
|
if len(objs) == 0 {
|
|
return []Classpath{}, nil
|
|
}
|
|
|
|
return objs, nil
|
|
}
|
|
|
|
func (u *User) FavoriteAlertRuleGroups() ([]AlertRuleGroup, error) {
|
|
ids, err := u.FavoriteAlertRuleGroupIds()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var objs []AlertRuleGroup
|
|
err = DB.In("id", ids).OrderBy("name").Find(&objs)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: query my alert_rule_group fail: %v", err)
|
|
return nil, internalServerError
|
|
}
|
|
|
|
if len(objs) == 0 {
|
|
return []AlertRuleGroup{}, nil
|
|
}
|
|
|
|
return objs, nil
|
|
}
|
|
|
|
func (u *User) MyUserGroups() ([]UserGroup, error) {
|
|
cond := builder.NewCond()
|
|
cond = cond.And(builder.Eq{"create_by": u.Username})
|
|
|
|
ids, err := u.UserGroupIds()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(ids) > 0 {
|
|
cond = cond.Or(builder.In("id", ids))
|
|
}
|
|
|
|
var objs []UserGroup
|
|
err = DB.Where(cond).OrderBy("name").Find(&objs)
|
|
if err != nil {
|
|
logger.Errorf("mysql.error: query my user_group fail: %v", err)
|
|
return nil, internalServerError
|
|
}
|
|
|
|
if len(objs) == 0 {
|
|
return []UserGroup{}, nil
|
|
}
|
|
|
|
return objs, nil
|
|
}
|
|
|
|
func (u *User) CanModifyUserGroup(ug *UserGroup) (bool, error) {
|
|
// 我是管理员,自然可以
|
|
roles := strings.Fields(u.RolesForDB)
|
|
for i := 0; i < len(roles); i++ {
|
|
if roles[i] == "Admin" {
|
|
return true, nil
|
|
}
|
|
}
|
|
|
|
// 我是创建者,自然可以
|
|
if ug.CreateBy == u.Username {
|
|
return true, nil
|
|
}
|
|
|
|
// 我是成员,也可以吧,简单搞
|
|
num, err := UserGroupMemberCount("user_id=? and group_id=?", u.Id, ug.Id)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
return num > 0, nil
|
|
}
|
|
|
|
func (u *User) CanDo(op string) (bool, error) {
|
|
roles := strings.Fields(u.RolesForDB)
|
|
for i := 0; i < len(roles); i++ {
|
|
if roles[i] == "Admin" {
|
|
return true, nil
|
|
}
|
|
}
|
|
|
|
return RoleHasOperation(roles, op)
|
|
}
|
|
|
|
// MustPerm return *User for link program
|
|
func (u *User) MustPerm(op string) *User {
|
|
can, err := u.CanDo(op)
|
|
ierr.Dangerous(err, 500)
|
|
|
|
if !can {
|
|
ierr.Bomb(403, "forbidden")
|
|
}
|
|
|
|
return u
|
|
}
|