From d0a591e13fc0b970ecb10ee501cc05d823fbac4a Mon Sep 17 00:00:00 2001 From: HanZiyao <49408466+h56983577@users.noreply.github.com> Date: Wed, 17 Jan 2024 16:50:16 +0800 Subject: [PATCH] Add api for third party to authenticate (#58) * Fix bugs in email sending and vm power managing. * Add api for third party to authenticate --- .../main/kotlin/cn/edu/buaa/scs/auth/Token.kt | 1 + .../controller/models/GetTokenInfoRequest.kt | 26 +++++++++ .../controller/models/TokenInfoResponse.kt | 27 +++++++++ .../models/TokenInfoResponseData.kt | 29 ++++++++++ .../main/kotlin/cn/edu/buaa/scs/route/Auth.kt | 9 +++ .../kotlin/cn/edu/buaa/scs/service/Auth.kt | 22 +++++-- openapi/cloudapi_v2.yaml | 58 +++++++++++++++++++ 7 files changed, 168 insertions(+), 4 deletions(-) create mode 100644 cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/GetTokenInfoRequest.kt create mode 100644 cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponse.kt create mode 100644 cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponseData.kt diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/auth/Token.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/auth/Token.kt index 6bfedd8..bcb5e83 100644 --- a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/auth/Token.kt +++ b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/auth/Token.kt @@ -36,6 +36,7 @@ val escapeApiMap = mapOf( "/api/v2/activeUser" to listOf(HttpMethod.Post), "/api/v2/auth/sendResetPasswordEmail" to listOf(HttpMethod.Post), "/api/v2/resetPassword" to listOf(HttpMethod.Post), + "/api/v2/tokenInfo" to listOf(HttpMethod.Post), "/test" to listOf(HttpMethod.Get), ) diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/GetTokenInfoRequest.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/GetTokenInfoRequest.kt new file mode 100644 index 0000000..b7deeba --- /dev/null 
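Review bot: Listing `/api/v2/tokenInfo` in `escapeApiMap` appears to exempt the route from the platform's own token check, judging by the neighbouring pre-login entries, so the introspection endpoint added in route/Auth.kt and service/Auth.kt can be called by anyone rather than only by registered third parties. Nothing in the patch authenticates the caller: `service` is a free-form string from the request body that is only echoed back, so the endpoint reports validity, user id and role for any token submitted to it. Token-introspection endpoints normally require the calling service to present its own credential, checked against a registry of known services, and are rate limited; I would add that check before the token lookup and reject unknown `service` values. Once it exists, a comment on the map entry such as `// no user session required: the calling service is verified inside getTokenInfo` would record why the route is exempt.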
+++ b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/GetTokenInfoRequest.kt @@ -0,0 +1,26 @@ +/** +* cloudapi_v2 +* buaa scs cloud api v2 +* +* The version of the OpenAPI document: 2.0 +* Contact: loheagn@icloud.com +* +* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). +* https://openapi-generator.tech +* Do not edit the class manually. +*/ +package cn.edu.buaa.scs.controller.models + + +/** + * + * @param token 用户的认证令牌 + * @param service 请求的服务名称 + */ +data class GetTokenInfoRequest( + /* 用户的认证令牌 */ + val token: kotlin.String, + /* 请求的服务名称 */ + val service: kotlin.String +) + diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponse.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponse.kt new file mode 100644 index 0000000..a5a564c --- /dev/null +++ b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponse.kt @@ -0,0 +1,27 @@ +/** +* cloudapi_v2 +* buaa scs cloud api v2 +* +* The version of the OpenAPI document: 2.0 +* Contact: loheagn@icloud.com +* +* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). +* https://openapi-generator.tech +* Do not edit the class manually. +*/ +package cn.edu.buaa.scs.controller.models + +import cn.edu.buaa.scs.controller.models.TokenInfoResponseData + +/** + * + * @param code + * @param msg + * @param `data` + */ +data class TokenInfoResponse( + val code: kotlin.Int, + val msg: kotlin.String, + val `data`: TokenInfoResponseData? = null +) + diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponseData.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponseData.kt new file mode 100644 index 0000000..a24501a --- /dev/null +++ b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/controller/models/TokenInfoResponseData.kt 
@@ -0,0 +1,29 @@ +/** +* cloudapi_v2 +* buaa scs cloud api v2 +* +* The version of the OpenAPI document: 2.0 +* Contact: loheagn@icloud.com +* +* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). +* https://openapi-generator.tech +* Do not edit the class manually. +*/ +package cn.edu.buaa.scs.controller.models + + +/** + * + * @param id 用户的唯一标识 + * @param role 用户角色 + * @param service 第三方服务名称 + */ +data class TokenInfoResponseData( + /* 用户的唯一标识 */ + val id: kotlin.String, + /* 用户角色 */ + val role: kotlin.String, + /* 第三方服务名称 */ + val service: kotlin.String +) + diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/route/Auth.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/route/Auth.kt index 62b705f..98e31b0 100644 --- a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/route/Auth.kt +++ b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/route/Auth.kt @@ -52,6 +52,15 @@ fun Route.authRoute() { } } + route("/tokenInfo") { + post { + val req = call.receive() + call.respond( + call.auth.getTokenInfo(req.token, req.service) + ) + } + } + route("/checkPermission") { get { val entityType = call.parameters["entityType"] ?: throw BadRequestException("entityType is required") diff --git a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/service/Auth.kt b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/service/Auth.kt index aff9bf2..eb455f1 100644 --- a/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/service/Auth.kt +++ b/cloudapi-web/src/main/kotlin/cn/edu/buaa/scs/service/Auth.kt 
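Review bot: The `/tokenInfo` handler answers every request with HTTP 200, because `getTokenInfo` signals a rejected token only through `code` 2001 in the body; a third-party client that checks just the status line would treat an invalid token as accepted. Consider mapping the failure to a 401, for example `val resp = call.auth.getTokenInfo(req.token, req.service)` followed by `call.respond(if (resp.data == null) HttpStatusCode.Unauthorized else HttpStatusCode.OK, resp)`, and documenting the non-200 response in openapi/cloudapi_v2.yaml. The enclosing `authRoute()` function starts and ends outside this hunk.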
@@ -1,14 +1,14 @@ package cn.edu.buaa.scs.service import cn.edu.buaa.scs.application -import cn.edu.buaa.scs.auth.authAdmin -import cn.edu.buaa.scs.auth.authRead -import cn.edu.buaa.scs.auth.authWrite -import cn.edu.buaa.scs.auth.generateRSAToken +import cn.edu.buaa.scs.auth.* import cn.edu.buaa.scs.cache.authRedis import cn.edu.buaa.scs.config.Constant import cn.edu.buaa.scs.controller.models.LoginUserResponse import cn.edu.buaa.scs.controller.models.SimpleCourse +import cn.edu.buaa.scs.controller.models.TokenInfoResponse +import cn.edu.buaa.scs.controller.models.TokenInfoResponseData +import cn.edu.buaa.scs.error.AuthorizationException import cn.edu.buaa.scs.model.* import cn.edu.buaa.scs.storage.mysql import cn.edu.buaa.scs.utils.* @@ -115,6 +115,20 @@ class AuthService(val call: ApplicationCall) : IService { return resp } + fun getTokenInfo(token: String, service: String): TokenInfoResponse { + val userId = + // rsa token + RSAEncrypt.decrypt(token).getOrNull()?.let { tokenInfo -> + jsonReadValue(tokenInfo).userId + } ?: + // redis uuid token + authRedis.checkToken(token) ?: + // error + return TokenInfoResponse(2001, "$service Token错误") + val user = User.id(userId) + return TokenInfoResponse(1003, "$service 验证成功", TokenInfoResponseData(user.id, if (user.isStudent()) "student" else if (user.isTeacher()) "teacher" else "superAdmin", service)) + } + suspend fun buaaSSOLogin(ssoToken: String): LoginUserResponse { val user = User.id(verifySSOToken(ssoToken).getOrThrow()) return afterLogin(generateRSAToken(user.id), user) diff --git a/openapi/cloudapi_v2.yaml b/openapi/cloudapi_v2.yaml index 101e1ed..ff5deb7 100644 --- a/openapi/cloudapi_v2.yaml +++ b/openapi/cloudapi_v2.yaml 
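Review bot: The role expression in `getTokenInfo` fails open: any user for whom both `isStudent()` and `isTeacher()` are false is reported to the third party as `superAdmin`, which would include a role added later or a record with an unexpected role value. Make the admin case an explicit check and let the fallback reject, e.g. a `when` whose last branch is `else -> return TokenInfoResponse(2001, "$service Token错误")`. Separately, the RSA branch uses only `userId` from the decrypted payload; if the platform's normal authentication path also enforces expiry or revocation on these tokens (not visible in this hunk), this method should go through the same validation so that a third party never accepts a token the platform itself would refuse. A short KDoc stating that `service` is unauthenticated caller input and is only echoed into the response would also help later readers.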
@@ -1804,6 +1804,36 @@ paths: type: boolean in: query name: listProjects + /tokenInfo: + post: + summary: 向第三方提供认证服务 + tags: + - 鉴权 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + token: + type: string + description: 用户的认证令牌 + service: + type: string + description: 请求的服务名称 + required: + - token + - service + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/TokenInfoResponse' + operationId: get-tokenInfo + description: 第三方通过传入 token,对该用户的信息进行认证 /buaaSSOLogin: post: summary: 统一认证登录 @@ -4248,6 +4278,34 @@ components: - paasToken - adminCourses - email + TokenInfoResponse: + title: TokenInfoResponse + type: object + properties: + code: + type: integer + format: int32 + msg: + type: string + data: + type: object + properties: + id: + type: string + description: 用户的唯一标识 + role: + type: string + description: 用户角色 + service: + type: string + description: 第三方服务名称 + required: + - id + - role + - service + required: + - code + - msg ContainerServiceTemplate: title: ContainerServiceTemplate x-stoplight:
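Review bot: The `code` property of the `TokenInfoResponse` schema has no description or enum, although service/Auth.kt returns 1003 for a valid token and 2001 for a rejected one and the operation documents only a `'200'` response. Integrators therefore depend entirely on these two values to tell success from failure, and the spec does not tell them which is which. I would add `description: 1003 = token valid, 2001 = token invalid` under `code`, and state under `data` that it is present only on success. The `operationId: get-tokenInfo` on a `post` operation in the first hunk is also worth renaming for consistency.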