feat: 云研发快捷登录,当owner不存在时使用项目的组账号 TencentBlueKing#1476 (TencentBlueKin…
…g#1482)

* feat: 云研发快捷登录,当owner不存在时使用项目的组账号 TencentBlueKing#1476

* feat: 云研发快捷登录,当owner不存在时使用项目的组账号 TencentBlueKing#1476
yaoxuwan authored Nov 25, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 71e4fd9 commit ac07c66
Showing 7 changed files with 54 additions and 8 deletions.
@@ -33,6 +33,7 @@ package com.tencent.bkrepo.auth.api

import com.tencent.bkrepo.auth.constant.AUTH_SERVICE_USER_PREFIX
import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest
import com.tencent.bkrepo.auth.pojo.user.CreateUserToProjectRequest
import com.tencent.bkrepo.auth.pojo.user.User
import com.tencent.bkrepo.auth.pojo.user.UserInfo
import com.tencent.bkrepo.common.api.constant.AUTH_SERVICE_NAME
@@ -61,6 +62,10 @@ interface ServiceUserClient {
@RequestBody request: CreateUserRequest
): Response<Boolean>

@ApiOperation("创建项目用户")
@PostMapping("/create/project")
fun createUserToProject(@RequestBody request: CreateUserToProjectRequest): Response<Boolean>

@ApiOperation("用户详情")
@GetMapping("/detail/{uid}")
@Deprecated("仅用于兼容旧接口", ReplaceWith("userInfoById"))
@@ -33,24 +33,40 @@ package com.tencent.bkrepo.auth.controller.service

import com.tencent.bkrepo.auth.api.ServiceUserClient
import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest
import com.tencent.bkrepo.auth.pojo.user.CreateUserToProjectRequest
import com.tencent.bkrepo.auth.pojo.user.User
import com.tencent.bkrepo.auth.pojo.user.UserInfo
import com.tencent.bkrepo.auth.service.RoleService
import com.tencent.bkrepo.auth.service.UserService
import com.tencent.bkrepo.auth.util.RequestUtil
import com.tencent.bkrepo.common.api.pojo.Response
import com.tencent.bkrepo.common.service.util.ResponseBuilder
import io.swagger.annotations.ApiOperation
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RestController

@RestController
class ServiceUserController @Autowired constructor(
private val userService: UserService
private val userService: UserService,
private val roleService: RoleService
) : ServiceUserClient {

override fun createUser(request: CreateUserRequest): Response<Boolean> {
userService.createUser(request)
return ResponseBuilder.success(true)
}

@ApiOperation("创建项目用户")
@PostMapping("/create/project")
override fun createUserToProject(request: CreateUserToProjectRequest): Response<Boolean> {
userService.createUserToProject(request)
val createRoleRequest = RequestUtil.buildProjectAdminRequest(request.projectId)
val roleId = roleService.createRole(createRoleRequest)
userService.addUserToRole(request.userId, roleId!!)
return ResponseBuilder.success(true)
}

@Deprecated("仅用于兼容旧接口", ReplaceWith("userInfoById"))
override fun detail(uid: String): Response<User?> {
return ResponseBuilder.success(userService.getUserById(uid))
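Review bot: `createUserToProject` adds `request.userId` to the role built by `RequestUtil.buildProjectAdminRequest(request.projectId)`, and both values come straight from the request body; nothing in this section checks that the caller may grant that role for that project. If this endpoint is reachable by anything other than trusted internal services (not visible here), a caller could attach what is presumably a project-admin role to an arbitrary account, so the restriction should be enforced in the handler or at least stated in a KDoc comment on the method. Separately, `roleId!!` throws a bare NullPointerException after the user has already been created; `val roleId = checkNotNull(roleService.createRole(createRoleRequest)) { "role not created for project ${request.projectId}" }` fails with a usable message. The `@ApiOperation`/`@PostMapping` pair is already declared on `ServiceUserClient.createUserToProject`, and the neighbouring `createUser` override does not repeat it.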
@@ -86,7 +86,8 @@ data class DevXProperties(
*/
var srcHeaderValues: List<String> = emptyList(),
/**
* devX拦截器优先级,如果需要取用户信息优先级需要比[HttpAuthInterceptor]拦截器低
* devX拦截器优先级,
* 如果需要取用户信息优先级需要比[com.tencent.bkrepo.common.security.http.core.HttpAuthInterceptor]拦截器低
*/
var interceptorOrder: Int = Ordered.LOWEST_PRECEDENCE - 100,
/**
@@ -42,4 +42,6 @@ data class DevXWorkSpace(
val regionId: String,
@JsonProperty("inner_ip")
val innerIp: String? = null,
@JsonProperty("real_owner")
val realOwner: String,
)
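Review bot: `realOwner` is declared as a non-null `String` with no default, so a workspace payload that omits `real_owner` will presumably fail to deserialize instead of reaching the `isNotBlank()` fallback added in `LoginHandler.createUser`. Since the commit targets the case where the owner does not exist, consider `val realOwner: String = "",` (the neighbouring `innerIp` already carries a default), or declare it `String?` and test it with `isNullOrBlank()` if the workspace API can return null. The data class starts outside this hunk, so how the other fields are handled is not visible here.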
@@ -29,6 +29,7 @@ package com.tencent.bkrepo.fs.server.api

import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest
import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest
import com.tencent.bkrepo.auth.pojo.user.CreateUserToProjectRequest
import com.tencent.bkrepo.auth.pojo.user.User
import com.tencent.bkrepo.common.api.constant.AUTH_SERVICE_NAME
import com.tencent.bkrepo.common.api.pojo.Response
@@ -67,4 +68,9 @@ interface RAuthClient {
fun create(
@RequestBody request: CreateUserRequest
): Mono<Response<Boolean>>

@PostMapping("/user/create/project")
fun createUserToProject(
@RequestBody request: CreateUserToProjectRequest
): Mono<Response<Boolean>>
}
@@ -29,12 +29,14 @@ package com.tencent.bkrepo.fs.server.handler

import com.tencent.bkrepo.auth.pojo.enums.PermissionAction
import com.tencent.bkrepo.auth.pojo.user.CreateUserRequest
import com.tencent.bkrepo.auth.pojo.user.CreateUserToProjectRequest
import com.tencent.bkrepo.common.api.constant.BASIC_AUTH_PREFIX
import com.tencent.bkrepo.common.api.constant.HttpHeaders
import com.tencent.bkrepo.common.api.util.BasicAuthUtils
import com.tencent.bkrepo.common.artifact.constant.PROJECT_ID
import com.tencent.bkrepo.common.artifact.constant.REPO_NAME
import com.tencent.bkrepo.common.security.exception.AuthenticationException
import com.tencent.bkrepo.common.security.interceptor.devx.DevXWorkSpace
import com.tencent.bkrepo.fs.server.api.RAuthClient
import com.tencent.bkrepo.fs.server.constant.JWT_CLAIMS_PERMIT
import com.tencent.bkrepo.fs.server.constant.JWT_CLAIMS_REPOSITORY
@@ -82,15 +84,29 @@ class LoginHandler(
suspend fun devxLogin(request: ServerRequest): ServerResponse {
val workspace = DevxWorkspaceUtils.getWorkspace().awaitSingleOrNull() ?: throw AuthenticationException()
val repoName = request.pathVariable(REPO_NAME)
createUser(workspace.owner)
val token = createToken(workspace.projectId, repoName, workspace.owner)
val userId = createUser(workspace)
val token = createToken(workspace.projectId, repoName, userId)
val response = DevxLoginResponse(workspace.projectId, token)
return ReactiveResponseBuilder.success(response)
}

private suspend fun createUser(userName: String) {
val request = CreateUserRequest(userId = userName, name = userName)
rAuthClient.create(request).awaitSingle()
private suspend fun createUser(workspace: DevXWorkSpace): String {
return if (workspace.realOwner.isNotBlank()) {
val request = CreateUserRequest(userId = workspace.realOwner, name = workspace.realOwner)
rAuthClient.create(request).awaitSingle()
workspace.realOwner
} else {
val userId = "g_${workspace.projectId}"
val request = CreateUserToProjectRequest(
userId = userId,
name = userId,
group = true,
asstUsers = listOf(workspace.creator),
projectId = workspace.projectId
)
rAuthClient.createUserToProject(request).awaitSingle()
userId
}
}

private suspend fun createToken(projectId: String, repoName: String, username: String): String {
@@ -101,7 +117,7 @@ class LoginHandler(
} else {
val repoDetail = ReactiveArtifactContextHolder.getRepoDetail()
val readPermit = repoDetail.public ||
permissionService.checkPermission(projectId, repoName, PermissionAction.READ, username)
permissionService.checkPermission(projectId, repoName, PermissionAction.READ, username)
if (readPermit) {
claims[JWT_CLAIMS_PERMIT] = PermissionAction.READ.name
}
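Review bot: When `realOwner` is blank, `createUser` returns the shared account `g_${workspace.projectId}` and `devxLogin` issues the token to that account; per the controller change in this commit the same account is added to the role built by `buildProjectAdminRequest`. Every owner-less workspace in a project would then act under one identity that presumably holds project-admin rights, which is broader than a file-system login needs and leaves audit records unable to tell the workspaces apart. Consider giving the group account a narrower role and recording the fallback together with `workspace.creator` when it is taken. It is also worth confirming that the `g_` prefix is reserved, so that a `realOwner` value can never equal a group account id. `createToken` continues outside the hunk.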
