Add api for third party to authenticate (#58)

* Fix bugs in email sending and vm power managing. * Add api for third party to authenticate
bugitt · Jan 17, 2024 · d0a591e · d0a591e
1 parent feb572b
commit d0a591e
Show file tree

Hide file tree

Showing 7 changed files with 168 additions and 4 deletions.
diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/auth/Token.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/auth/Token.kt
@@ -36,6 +36,7 @@ val escapeApiMap = mapOf(
     "/api/v2/activeUser" to listOf(HttpMethod.Post),
     "/api/v2/auth/sendResetPasswordEmail" to listOf(HttpMethod.Post),
     "/api/v2/resetPassword" to listOf(HttpMethod.Post),
+    "/api/v2/tokenInfo" to listOf(HttpMethod.Post),
     "/test" to listOf(HttpMethod.Get),
 )
 

diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/GetTokenInfoRequest.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/GetTokenInfoRequest.kt
@@ -0,0 +1,26 @@
+/**
+* cloudapi_v2
+* buaa scs cloud api v2
+*
+* The version of the OpenAPI document: 2.0
+* Contact: [email protected]
+*
+* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+* https://openapi-generator.tech
+* Do not edit the class manually.
+*/
+package cn.edu.buaa.scs.controller.models
+
+
+/**
+ * 
+ * @param token 用户的认证令牌
+ * @param service 请求的服务名称
+ */
+data class GetTokenInfoRequest(
+    /* 用户的认证令牌 */
+    val token: kotlin.String,
+    /* 请求的服务名称 */
+    val service: kotlin.String
+) 
+
diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponse.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponse.kt
@@ -0,0 +1,27 @@
+/**
+* cloudapi_v2
+* buaa scs cloud api v2
+*
+* The version of the OpenAPI document: 2.0
+* Contact: [email protected]
+*
+* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+* https://openapi-generator.tech
+* Do not edit the class manually.
+*/
+package cn.edu.buaa.scs.controller.models
+
+import cn.edu.buaa.scs.controller.models.TokenInfoResponseData
+
+/**
+ * 
+ * @param code 
+ * @param msg 
+ * @param `data` 
+ */
+data class TokenInfoResponse(
+    val code: kotlin.Int,
+    val msg: kotlin.String,
+    val `data`: TokenInfoResponseData? = null
+) 
+
diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponseData.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponseData.kt
@@ -0,0 +1,29 @@
+/**
+* cloudapi_v2
+* buaa scs cloud api v2
+*
+* The version of the OpenAPI document: 2.0
+* Contact: [email protected]
+*
+* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+* https://openapi-generator.tech
+* Do not edit the class manually.
+*/
+package cn.edu.buaa.scs.controller.models
+
+
+/**
+ * 
+ * @param id 用户的唯一标识
+ * @param role 用户角色
+ * @param service 第三方服务名称
+ */
+data class TokenInfoResponseData(
+    /* 用户的唯一标识 */
+    val id: kotlin.String,
+    /* 用户角色 */
+    val role: kotlin.String,
+    /* 第三方服务名称 */
+    val service: kotlin.String
+) 
+
diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/route/Auth.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/route/Auth.kt
@@ -52,6 +52,15 @@ fun Route.authRoute() {
         }
     }
 
+    route("/tokenInfo") {
+        post {
+            val req = call.receive<GetTokenInfoRequest>()
+            call.respond(
+                call.auth.getTokenInfo(req.token, req.service)
+            )
+        }
+    }
+
     route("/checkPermission") {
         get {
             val entityType = call.parameters["entityType"] ?: throw BadRequestException("entityType is required")

diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/service/Auth.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/service/Auth.kt
@@ -1,14 +1,14 @@
 package cn.edu.buaa.scs.service
 
 import cn.edu.buaa.scs.application
-import cn.edu.buaa.scs.auth.authAdmin
-import cn.edu.buaa.scs.auth.authRead
-import cn.edu.buaa.scs.auth.authWrite
-import cn.edu.buaa.scs.auth.generateRSAToken
+import cn.edu.buaa.scs.auth.*
 import cn.edu.buaa.scs.cache.authRedis
 import cn.edu.buaa.scs.config.Constant
 import cn.edu.buaa.scs.controller.models.LoginUserResponse
 import cn.edu.buaa.scs.controller.models.SimpleCourse
+import cn.edu.buaa.scs.controller.models.TokenInfoResponse
+import cn.edu.buaa.scs.controller.models.TokenInfoResponseData
+import cn.edu.buaa.scs.error.AuthorizationException
 import cn.edu.buaa.scs.model.*
 import cn.edu.buaa.scs.storage.mysql
 import cn.edu.buaa.scs.utils.*
@@ -115,6 +115,20 @@ class AuthService(val call: ApplicationCall) : IService {
         return resp
     }
 
+    fun getTokenInfo(token: String, service: String): TokenInfoResponse {
+        val userId =
+            // rsa token
+            RSAEncrypt.decrypt(token).getOrNull()?.let { tokenInfo ->
+                jsonReadValue<TokenInfo>(tokenInfo).userId
+            } ?:
+            // redis uuid token
+            authRedis.checkToken(token) ?:
+            // error
+            return TokenInfoResponse(2001, "$service Token错误")
+        val user = User.id(userId)
+        return TokenInfoResponse(1003, "$service 验证成功", TokenInfoResponseData(user.id, if (user.isStudent()) "student" else if (user.isTeacher()) "teacher" else "superAdmin", service))
+    }
+
     suspend fun buaaSSOLogin(ssoToken: String): LoginUserResponse {
         val user = User.id(verifySSOToken(ssoToken).getOrThrow())
         return afterLogin(generateRSAToken(user.id), user)

diff --git a/openapi/cloudapi_v2.yaml b/openapi/cloudapi_v2.yaml
@@ -1804,6 +1804,36 @@ paths:
             type: boolean
           in: query
           name: listProjects
+  /tokenInfo:
+    post:
+      summary: 向第三方提供认证服务
+      tags:
+        - 鉴权
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                token:
+                  type: string
+                  description: 用户的认证令牌
+                service:
+                  type: string
+                  description: 请求的服务名称
+              required:
+                - token
+                - service
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TokenInfoResponse'
+      operationId: get-tokenInfo
+      description: 第三方通过传入 token，对该用户的信息进行认证
   /buaaSSOLogin:
     post:
       summary: 统一认证登录
@@ -4248,6 +4278,34 @@ components:
         - paasToken
         - adminCourses
         - email
+    TokenInfoResponse:
+      title: TokenInfoResponse
+      type: object
+      properties:
+        code:
+          type: integer
+          format: int32
+        msg:
+          type: string
+        data:
+          type: object
+          properties:
+            id:
+              type: string
+              description: 用户的唯一标识
+            role:
+              type: string
+              description: 用户角色
+            service:
+              type: string
+              description: 第三方服务名称
+          required:
+            - id
+            - role
+            - service
+      required:
+        - code
+        - msg
     ContainerServiceTemplate:
       title: ContainerServiceTemplate
       x-stoplight: