5f187bb5d6
- Introduce SQLite persistence via GORM (stored at <data>/.ushare.db) - Add Role model with two built-in roles: admin (all perms) and user (upload only) - Add three permissions: user_manage, upload, token_manage (reserved) - Rewrite UserManager: DB-backed login with in-memory session tokens - Auto-seed default roles and admin user on first startup - Add AuthPermission middleware for fine-grained permission checks - Add /api/uauth/me endpoint for current session info - Add /api/admin/* CRUD routes for user and role management - Add admin console page (/admin) with user table and role permissions view - Show admin console link in share page for users with user_manage permission 🤖 Generated with [Qoder][https://qoder.com]
155 lines
3.6 KiB
Go
155 lines
3.6 KiB
Go
package controller
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/loveuer/nf/nft/log"
|
|
"github.com/loveuer/ushare/internal/model"
|
|
"github.com/loveuer/ushare/internal/opt"
|
|
"github.com/loveuer/ushare/internal/pkg/db"
|
|
"github.com/loveuer/ushare/internal/pkg/tool"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
type userManager struct {
|
|
sync.Mutex
|
|
ctx context.Context
|
|
sessions map[string]*model.Session
|
|
}
|
|
|
|
var UserManager = &userManager{
|
|
sessions: make(map[string]*model.Session),
|
|
}
|
|
|
|
func (um *userManager) seed(ctx context.Context) error {
|
|
// Seed default roles if they don't exist
|
|
defaultRoles := []model.Role{
|
|
{
|
|
Name: model.RoleAdmin,
|
|
Label: "管理员",
|
|
Permissions: strings.Join([]string{model.PermUserManage, model.PermUpload, model.PermTokenManage}, ","),
|
|
},
|
|
{
|
|
Name: model.RoleUser,
|
|
Label: "用户",
|
|
Permissions: model.PermUpload,
|
|
},
|
|
}
|
|
|
|
for i := range defaultRoles {
|
|
role := &defaultRoles[i]
|
|
var existing model.Role
|
|
if err := db.Default.Session(ctx).Where("name = ?", role.Name).First(&existing).Error; err != nil {
|
|
if err := db.Default.Session(ctx).Create(role).Error; err != nil {
|
|
return errors.Wrap(err, "seed role failed")
|
|
}
|
|
log.Debug("controller.userManager.seed: created role %s", role.Name)
|
|
}
|
|
}
|
|
|
|
// Seed default admin user only if no users exist
|
|
var count int64
|
|
db.Default.Session(ctx).Model(&model.User{}).Count(&count)
|
|
if count > 0 {
|
|
return nil
|
|
}
|
|
|
|
var adminRole model.Role
|
|
if err := db.Default.Session(ctx).Where("name = ?", model.RoleAdmin).First(&adminRole).Error; err != nil {
|
|
return errors.Wrap(err, "get admin role failed")
|
|
}
|
|
|
|
username := opt.Cfg.Username
|
|
if username == "" {
|
|
username = "admin"
|
|
}
|
|
|
|
// opt.Cfg.Password is already hashed by opt.Init(); store it directly.
|
|
adminUser := &model.User{
|
|
Username: username,
|
|
Password: opt.Cfg.Password,
|
|
RoleID: adminRole.ID,
|
|
Active: true,
|
|
}
|
|
|
|
if err := db.Default.Session(ctx).Create(adminUser).Error; err != nil {
|
|
return errors.Wrap(err, "seed admin user failed")
|
|
}
|
|
|
|
log.Debug("controller.userManager.seed: created admin user %s", username)
|
|
return nil
|
|
}
|
|
|
|
func (um *userManager) Login(username, password string) (*model.Session, error) {
|
|
now := time.Now()
|
|
|
|
user := new(model.User)
|
|
if err := db.Default.Session().
|
|
Where("username = ? AND active = ?", username, true).
|
|
Preload("Role").
|
|
First(user).Error; err != nil {
|
|
return nil, errors.New("账号或密码错误")
|
|
}
|
|
|
|
if !tool.ComparePassword(password, user.Password) {
|
|
return nil, errors.New("账号或密码错误")
|
|
}
|
|
|
|
session := &model.Session{
|
|
UserID: user.ID,
|
|
Username: user.Username,
|
|
Role: user.Role.Name,
|
|
RoleLabel: user.Role.Label,
|
|
Permissions: user.Role.PermissionList(),
|
|
LoginAt: now.Unix(),
|
|
Token: tool.RandomString(32),
|
|
}
|
|
|
|
um.Lock()
|
|
defer um.Unlock()
|
|
um.sessions[session.Token] = session
|
|
|
|
return session, nil
|
|
}
|
|
|
|
func (um *userManager) Verify(token string) (*model.Session, error) {
|
|
um.Lock()
|
|
defer um.Unlock()
|
|
|
|
session, ok := um.sessions[token]
|
|
if !ok {
|
|
return nil, errors.New("未登录或凭证已失效, 请重新登录")
|
|
}
|
|
|
|
return session, nil
|
|
}
|
|
|
|
func (um *userManager) Start(ctx context.Context) {
|
|
um.ctx = ctx
|
|
|
|
if err := um.seed(ctx); err != nil {
|
|
log.Fatal("controller.userManager.Start: seed failed: %s", err.Error())
|
|
}
|
|
|
|
go func() {
|
|
ticker := time.NewTicker(time.Minute)
|
|
for {
|
|
select {
|
|
case <-um.ctx.Done():
|
|
return
|
|
case now := <-ticker.C:
|
|
um.Lock()
|
|
for token, session := range um.sessions {
|
|
if now.Unix()-session.LoginAt > 8*3600 {
|
|
delete(um.sessions, token)
|
|
}
|
|
}
|
|
um.Unlock()
|
|
}
|
|
}
|
|
}()
|
|
}
|