Merge pull request #66 from bihell/dev

Dev
bihell · Jan 27, 2020 · ef6a6b2 · ef6a6b2
2 parents b5f74c8 + 9e9b808
commit ef6a6b2
Show file tree

Hide file tree

Showing 22 changed files with 241 additions and 430 deletions.
diff --git a/dice-auth/lua/api_check.lua b/dice-auth/lua/api_check.lua
@@ -110,22 +110,6 @@ local function init_post_args()
         -- json
         post_args_body = json.decode(ngx.req.get_body_data())
     end
-
-    --local post_args_str = string_utils:sort_and_join_kv(post_args_body, "&")
-    --post_args_str = string_utils:try_decode(post_args_body, max_decode_time)
-    --if type(post_args_body) == "table" then
-    --    -- 获取post中的json用ngx.req.get_body_data()
-    --    local json = require("cjson.safe")
-    --
-    --
-    --    decode_body = string_utils:try_decode(post_args_sort, max_decode_time)
-    --else
-    --    -- 获取post中的formdata用ngx.req.get_post_args()
-    --    if string_utils:string_not_empty(post_args_body) then
-    --
-    --    end
-    --end
-    --end
     return post_args_body
 end
 
@@ -187,7 +171,7 @@ end
 
 local function query_secret_key(partner_code)
     local db = db_utils.get_db()
-    local sql = string.format('select secret_key from system_user where status=1 and partner_code="%s"', partner_code)
+    local sql = string.format('select secret_key from system_user where deleted=0 and partner_code="%s"', partner_code)
     local res, err, errno, sqlstate = db:query(sql)
     if not res[1] then
         db_utils.close_db(db)
@@ -199,63 +183,6 @@ local function query_secret_key(partner_code)
     local res_data = res[1]
     return res_data.secret_key
 
-    --local cache = ngx.shared.partner_secret_key
-    --
-    --local secret_cache_key = cache_key .. ":" .. partner_code .. ":" .. partner_code
-    --
-    --local secret_key = ""
-    --
-    --if nil ~= cache then
-    --    secret_key = cache_client:get_cache(cache, secret_cache_key)
-    --end
-    --
-    --if string_utils:string_empty(secret_key) then
-    --    ngx.log(ngx.INFO, string.format("start prepare cache p:%s ....", partner_code))
-    --    -- TODO: fusing mechanism
-    --    local ret, db_object = pcall(function()
-    --        return db_util.get_db()
-    --    end
-    --    )
-    --    if not ret then
-    --        ngx.log(ngx.ERR, "db connection has error")
-    --        return "", true
-    --    end
-    --
-    --    // TODO
-    --local quote_partner_code = ngx.quote_sql_str(partner_code)
-    --local res, err, errno, sqlstate = db_object:query(string.format('select secret_key from system_user where status=1 and partner_code="%s"', quote_partner_code))
-    --if nil ~= err then
-    ---- TODO: fusing mechanism
-    --pcall(close_db, db_object)
-    --ngx.log(ngx.ERR, "sql has error")
-    --return "", true
-    --end
-    --if #res <= 0 then
-    --if nil ~= cache then
-    --cache_client:set_cache(cache, secret_cache_key, "", cache_expire_second)
-    --end
-    ---- TODO: fusing mechanism
-    --pcall(close_db, db_object)
-    --ngx.log(ngx.ERR, "unauthorized")
-    --return "", false
-    --end
-    --
-    --secret_key = res[1].secret_key
-    --
-    --local ret, return_value = pcall(close_db, db_object)
-    --
-    --if not ret then
-    --ngx.log(ngx.ERR, "db connection has error")
-    --end
-    --
-    --if nil ~= cache then
-    --cache_client:set_cache(cache, secret_cache_key, secret_key, cache_expire_second)
-    --end
-    --
-    --ngx.log(ngx.INFO, string.format("end prepare cache p:%s ....", partner_code))
-    --end
-    --return secret_key, false
-    --return "bi-token-2017"
 end
 
 local function check_timestamp(time)
@@ -307,26 +234,6 @@ function _M.check_api_sign()
 
     -- 获取uri上的参数，不支持编码后的url
     local uri_args = ngx.req.get_uri_args()
-    --local query_args = ngx.req.get_uri_args()
-    --if string_utils:string_not_empty(ngx.var.args) then
-    --    local equal_symbol_index = string.find(ngx.var.args, '&', 1)
-    --    if not equal_symbol_index then
-    --        local convert_query_args = string_utils:try_decode(ngx.var.args, 1)
-    --        convert_query_args = string.gsub(convert_query_args, '&', ',')
-    --        local convert1 = string_utils:split(convert_query_args, ',')
-    --        local args_table = {}
-    --        for i, v in ipairs(convert1) do
-    --            local tmp = convert1[i]
-    --            local equal_symbol_index = string.find(tmp, '=', 1)
-    --            if equal_symbol_index > 1 then
-    --                local key = string.sub(tmp, 1, equal_symbol_index - 1)
-    --                local value = string.sub(tmp, equal_symbol_index + 1, string.len(tmp))
-    --                args_table[key] = value
-    --            end
-    --        end
-    --        query_args = args_table
-    --    end
-    --end
 
     local body_args = init_post_args()
 
@@ -335,11 +242,6 @@ function _M.check_api_sign()
 
     local secret_key = query_secret_key(partner_code)
 
-    --if nil ~= interrupt and interrupt then
-    --    ngx.log(ngx.ERR, "has db error, skip check")
-    --    return ngx.exit(0)
-    --end
-
     --check secret key validation
     if string_utils:string_empty(secret_key) then
         ngx.log(ngx.ERR, "invalid secret_key")

diff --git a/dice-auth/lua/auth_check.lua b/dice-auth/lua/auth_check.lua
@@ -54,7 +54,7 @@ json.encode_sparse_array(true)
 ngx.log(ngx.INFO, 'project_type: ' .. project_type .. ' access_uri: ' .. access_uri .. ' content_type: ' .. content_type)
 -- 先校验是不是管理员
 local db = db_utils.get_db()
-local sql = string.format('select 1 from auth_rel_role_user t join auth_role t1 on t.role_id=t1.role_id and t1.role_type=1 and t1.status=1 and t1.project_type="%s" where t.user_id=%s and t.status=1 limit 1', project_type, user_id)
+local sql = string.format('select 1 from auth_rel_role_user t join auth_role t1 on t.role_id=t1.role_id and t1.role_type=1 and t1.deleted=0 and t1.project_type="%s" where t.user_id=%s and t.deleted=0 limit 1', project_type, user_id)
 ngx.log(ngx.INFO, '执行SQL查询: ' .. sql)
 local res, err, errno, sqlstate = db:query(sql)
 -- 当前系统的管理员
@@ -73,7 +73,7 @@ end
 if func.start_with(ngx.var.uri, '/api') or string.find(content_type, 'application/json') or project_type == 'stbp' or string.find(ngx.var.uri, '/v%d') then
     --接口类别权限
     -- 获取用户所有接口权限，根据item查找
-    sql = string.format('select 1 from (SELECT 1 FROM auth_api t1 join auth_rel_item_api t2 on t1.api_id=t2.api_id and t2.status=1 join auth_item t3 on t2.item_id=t3.item_id and t3.status=1 join auth_rel_role_item t4 on t3.item_id=t4.item_id and t4.status=1 join auth_rel_role_user t5 on t4.role_id=t5.role_id and t5.status=1 where t1.status=1 and "%s" like concat(t1.api_path,"%%") and t1.project_type="%s" and t5.user_id=%s union all select 1 from auth_api t1 join auth_rel_item_api t2 on t1.api_id=t2.api_id and t2.status=1 join auth_item t3 on t2.item_id=t3.item_id and t3.status=1 join auth_classes t4 on t3.classes_id=t4.classes_id and t4.status=1 join auth_group t5 on t4.group_id=t5.group_id and t5.status=1 join auth_role t6 on t5.project_type=t6.project_type and t6.status=1 and t6.role_type=1 join auth_rel_role_user t7 on t6.role_id=t7.role_id where t1.status=1 and "%s" like concat(t1.api_path,"%%") and t1.project_type="%s" and t7.user_id=%s) t limit 1', access_uri, project_type, user_id, access_uri, project_type, user_id)
+    sql = string.format('select 1 from (SELECT 1 FROM auth_api t1 join auth_rel_item_api t2 on t1.api_id=t2.api_id and t2.deleted=0 join auth_item t3 on t2.item_id=t3.item_id and t3.deleted=0 join auth_rel_role_item t4 on t3.item_id=t4.item_id and t4.deleted=0 join auth_rel_role_user t5 on t4.role_id=t5.role_id and t5.deleted=0 where t1.deleted=0 and "%s" like concat(t1.api_path,"%%") and t1.project_type="%s" and t5.user_id=%s union all select 1 from auth_api t1 join auth_rel_item_api t2 on t1.api_id=t2.api_id and t2.deleted=0 join auth_item t3 on t2.item_id=t3.item_id and t3.deleted=0 join auth_classes t4 on t3.classes_id=t4.classes_id and t4.deleted=0 join auth_group t5 on t4.group_id=t5.group_id and t5.deleted=0 join auth_role t6 on t5.project_type=t6.project_type and t6.deleted=0 and t6.role_type=1 join auth_rel_role_user t7 on t6.role_id=t7.role_id where t1.deleted=0 and "%s" like concat(t1.api_path,"%%") and t1.project_type="%s" and t7.user_id=%s) t limit 1', access_uri, project_type, user_id, access_uri, project_type, user_id)
     ngx.log(ngx.INFO, '执行SQL查询: ' .. sql)
 
     res, err, errno, sqlstate = db:query(sql)

diff --git a/dice-auth/lua/get_group_info.lua b/dice-auth/lua/get_group_info.lua
@@ -14,14 +14,14 @@ end
 
 -- 如果是管理员，返回所有菜单和权限项
 local db = db_utils.get_db()
-local sql = string.format('select 1 from auth_rel_role_user t join auth_role t1 on t.role_id=t1.role_id and t1.role_type=1 and t1.status=1 and t1.project_type="%s" where t.user_id=%s and t.status=1 limit 1', project_type, user_id)
+local sql = string.format('select 1 from auth_rel_role_user t join auth_role t1 on t.role_id=t1.role_id and t1.role_type=1 and t1.deleted=0 and t1.project_type="%s" where t.user_id=%s and t.deleted=0 limit 1', project_type, user_id)
 ngx.log(ngx.INFO, '执行SQL查询: ' .. sql)
 local res, err, errno, sqlstate = db:query(sql)
 -- 当前系统的管理员
 if res and res[1] then
-    sql = string.format('select t.group_id g_group_id,t.group_name g_group_name,t.group_url g_group_url,t.project_type g_project_type,t.order g_order,t.is_display g_is_display,t.style g_style,t1.classes_id c_classes_id,t1.classes_name c_classes_name,t1.classes_url c_classes_url,t1.order c_order,t1.is_display c_is_display,t1.style c_style,t2.item_id i_item_id,t2.item_name i_item_name,t2.item_code i_item_code,t2.order i_order,t2.style i_style,t2.outer_url i_outer_url from auth_group t join auth_classes t1 on t1.group_id=t.group_id and t1.status=1 join auth_item t2 on t2.classes_id=t1.classes_id and t2.status=1 where t.status=1 and t.project_type="%s" order by t.order,t1.order,t2.order', project_type)
+    sql = string.format('select t.group_id g_group_id,t.group_name g_group_name,t.group_url g_group_url,t.project_type g_project_type,t.order g_order,t.is_display g_is_display,t.style g_style,t1.classes_id c_classes_id,t1.classes_name c_classes_name,t1.classes_url c_classes_url,t1.order c_order,t1.is_display c_is_display,t1.style c_style,t2.item_id i_item_id,t2.item_name i_item_name,t2.item_code i_item_code,t2.order i_order,t2.style i_style,t2.outer_url i_outer_url from auth_group t join auth_classes t1 on t1.group_id=t.group_id and t1.deleted=0 join auth_item t2 on t2.classes_id=t1.classes_id and t2.deleted=0 where t.deleted=0 and t.project_type="%s" order by t.order,t1.order,t2.order', project_type)
 else
-    sql = string.format('select t.group_id g_group_id,t.group_name g_group_name,t.group_url g_group_url,t.project_type g_project_type,t.order g_order,t.is_display g_is_display,t.style g_style,t1.classes_id c_classes_id,t1.classes_name c_classes_name,t1.classes_url c_classes_url,t1.order c_order,t1.is_display c_is_display,t1.style c_style,t2.item_id i_item_id,t2.item_name i_item_name,t2.item_code i_item_code,t2.order i_order,t2.style i_style,t2.outer_url i_outer_url from auth_group t join auth_classes t1 on t1.group_id=t.group_id and t1.status=1 join auth_item t2 on t2.classes_id=t1.classes_id and t2.status=1 join auth_rel_role_item t3 on t3.item_id=t2.item_id and t3.status=1 join auth_rel_role_user t4 on t4.role_id=t3.role_id and t4.status=1 where t.status=1 and t.project_type="%s" and t4.user_id=%s order by t.order,t1.order,t2.order', project_type, user_id)
+    sql = string.format('select t.group_id g_group_id,t.group_name g_group_name,t.group_url g_group_url,t.project_type g_project_type,t.order g_order,t.is_display g_is_display,t.style g_style,t1.classes_id c_classes_id,t1.classes_name c_classes_name,t1.classes_url c_classes_url,t1.order c_order,t1.is_display c_is_display,t1.style c_style,t2.item_id i_item_id,t2.item_name i_item_name,t2.item_code i_item_code,t2.order i_order,t2.style i_style,t2.outer_url i_outer_url from auth_group t join auth_classes t1 on t1.group_id=t.group_id and t1.deleted=0 join auth_item t2 on t2.classes_id=t1.classes_id and t2.deleted=0 join auth_rel_role_item t3 on t3.item_id=t2.item_id and t3.deleted=0 join auth_rel_role_user t4 on t4.role_id=t3.role_id and t4.deleted=0 where t.deleted=0 and t.project_type="%s" and t4.user_id=%s order by t.order,t1.order,t2.order', project_type, user_id)
 end
 ngx.log(ngx.INFO, '执行SQL查询: ' .. sql)
 
@@ -110,7 +110,7 @@ end
 
 table.sort(group_list, comp)
 
-ngx.status = 200
+ngx.deleted = 200
 ngx.header.content_type = "application/json; charset=utf-8";
 ngx.say(string.format('{"code":0,"msg":null,"data":%s,"success":true}', json.encode(group_list)))
 ngx.exit(ngx.OK)
diff --git a/dice-docker/dice-openresty/lua/api_check.lua b/dice-docker/dice-openresty/lua/api_check.lua
@@ -111,21 +111,6 @@ local function init_post_args()
         post_args_body = json.decode(ngx.req.get_body_data())
     end
 
-    --local post_args_str = string_utils:sort_and_join_kv(post_args_body, "&")
-    --post_args_str = string_utils:try_decode(post_args_body, max_decode_time)
-    --if type(post_args_body) == "table" then
-    --    -- 获取post中的json用ngx.req.get_body_data()
-    --    local json = require("cjson.safe")
-    --
-    --
-    --    decode_body = string_utils:try_decode(post_args_sort, max_decode_time)
-    --else
-    --    -- 获取post中的formdata用ngx.req.get_post_args()
-    --    if string_utils:string_not_empty(post_args_body) then
-    --
-    --    end
-    --end
-    --end
     return post_args_body
 end
 
@@ -187,7 +172,7 @@ end
 
 local function query_secret_key(partner_code)
     local db = db_utils.get_db()
-    local sql = string.format('select secret_key from system_user where status=1 and partner_code="%s"', partner_code)
+    local sql = string.format('select secret_key from system_user where deleted=0 and partner_code="%s"', partner_code)
     local res, err, errno, sqlstate = db:query(sql)
     if not res[1] then
         db_utils.close_db(db)
@@ -198,64 +183,6 @@ local function query_secret_key(partner_code)
 
     local res_data = res[1]
     return res_data.secret_key
-
-    --local cache = ngx.shared.partner_secret_key
-    --
-    --local secret_cache_key = cache_key .. ":" .. partner_code .. ":" .. partner_code
-    --
-    --local secret_key = ""
-    --
-    --if nil ~= cache then
-    --    secret_key = cache_client:get_cache(cache, secret_cache_key)
-    --end
-    --
-    --if string_utils:string_empty(secret_key) then
-    --    ngx.log(ngx.INFO, string.format("start prepare cache p:%s ....", partner_code))
-    --    -- TODO: fusing mechanism
-    --    local ret, db_object = pcall(function()
-    --        return db_util.get_db()
-    --    end
-    --    )
-    --    if not ret then
-    --        ngx.log(ngx.ERR, "db connection has error")
-    --        return "", true
-    --    end
-    --
-    --    // TODO
-    --local quote_partner_code = ngx.quote_sql_str(partner_code)
-    --local res, err, errno, sqlstate = db_object:query(string.format('select secret_key from system_user where status=1 and partner_code="%s"', quote_partner_code))
-    --if nil ~= err then
-    ---- TODO: fusing mechanism
-    --pcall(close_db, db_object)
-    --ngx.log(ngx.ERR, "sql has error")
-    --return "", true
-    --end
-    --if #res <= 0 then
-    --if nil ~= cache then
-    --cache_client:set_cache(cache, secret_cache_key, "", cache_expire_second)
-    --end
-    ---- TODO: fusing mechanism
-    --pcall(close_db, db_object)
-    --ngx.log(ngx.ERR, "unauthorized")
-    --return "", false
-    --end
-    --
-    --secret_key = res[1].secret_key
-    --
-    --local ret, return_value = pcall(close_db, db_object)
-    --
-    --if not ret then
-    --ngx.log(ngx.ERR, "db connection has error")
-    --end
-    --
-    --if nil ~= cache then
-    --cache_client:set_cache(cache, secret_cache_key, secret_key, cache_expire_second)
-    --end
-    --
-    --ngx.log(ngx.INFO, string.format("end prepare cache p:%s ....", partner_code))
-    --end
-    --return secret_key, false
-    --return "bi-token-2017"
 end
 
 local function check_timestamp(time)
@@ -307,39 +234,10 @@ function _M.check_api_sign()
 
     -- 获取uri上的参数，不支持编码后的url
     local uri_args = ngx.req.get_uri_args()
-    --local query_args = ngx.req.get_uri_args()
-    --if string_utils:string_not_empty(ngx.var.args) then
-    --    local equal_symbol_index = string.find(ngx.var.args, '&', 1)
-    --    if not equal_symbol_index then
-    --        local convert_query_args = string_utils:try_decode(ngx.var.args, 1)
-    --        convert_query_args = string.gsub(convert_query_args, '&', ',')
-    --        local convert1 = string_utils:split(convert_query_args, ',')
-    --        local args_table = {}
-    --        for i, v in ipairs(convert1) do
-    --            local tmp = convert1[i]
-    --            local equal_symbol_index = string.find(tmp, '=', 1)
-    --            if equal_symbol_index > 1 then
-    --                local key = string.sub(tmp, 1, equal_symbol_index - 1)
-    --                local value = string.sub(tmp, equal_symbol_index + 1, string.len(tmp))
-    --                args_table[key] = value
-    --            end
-    --        end
-    --        query_args = args_table
-    --    end
-    --end
-
     local body_args = init_post_args()
-
     -- 待签名字符串
     local check_sign_str = generate_sign_string(timestamp, partner_code, body_args, uri_args)
-
     local secret_key = query_secret_key(partner_code)
-
-    --if nil ~= interrupt and interrupt then
-    --    ngx.log(ngx.ERR, "has db error, skip check")
-    --    return ngx.exit(0)
-    --end
-
     --check secret key validation
     if string_utils:string_empty(secret_key) then
         ngx.log(ngx.ERR, "invalid secret_key")