egg.js+mongodb+openstack 公有云计费系统(三)用户系统的搭建 (2)
A/SK 机制
?
控制器
?
用户鉴权
控制器
简单用户划分
project
?
控制器
?
/*************************************************************
*
*- Copyright (c) qiduo, 2018
*- FileName: AccesskeyController.js 安全认证 Accesskey接口
*- Author: 罗波 lopo1983@vip.qq.com
*- Version: 1.0
*- Date:2018-10-15
*- Descripttion:openstack geecp
*- Modules:
*
*- Extends
* - 1.egg_Controller
*----------------------------------------------------------
*
*- Function List :
*
*- StaticsList :
* - show 获取所有ak/sk
* - update 创建ak/sk 修改备注
* - destroy 删除ak/sk
*
*- History :
* <Author> <Date> <Desc>
*
**************************************************************/
'use strict';
const Controller = require('egg').Controller;
class AccesskeyController extends Controller {
/**
* @name constructor
*
* @param {*} ctx
* @param {Function} DuFn 清理空字段函数
* @param {Model} MODEL 公司表
* @param {Object} auth 用户JWT
*
*/
constructor(ctx) {
super(ctx);
this.auth = ctx.state.user;
this.DUFn = ctx.helper.deleteUndefined;
this.MODEL = ctx.model.Account.Company;
}
/**
*
* @name 获取Accesskey列表
*
* @example
* - GET /user/accesskey/_id{ObjectId} HTTP/1.1
*
*/
async show() {
const ctx = this.ctx;
const result = await this.MODEL.getASK({ '_id': ctx.params.id });
ctx.body = result
}
/**
*
* @name 创建AK/SK|修改Info
*
* @param {String} info 必填 备注内容
* @param {ObjectId} id 必填 A/SK{ObjectId}
*
* @example
* - PUT /user/accesskey/user{ObjectId} HTTP/1.1 创建
* - PUT /user/accesskey/user{ObjectId} HTTP/1.1 修改
* body:{
* id:ak/sk{ObjectId}
* info:备注名称
* }
*
* @description info id 为必填参数
*
*/
async update() {
const ctx = this.ctx;
if (!!ctx.request.body.info) {
ctx.body = await this.MODEL.setInfo(ctx);
}
else {
ctx.body = await this.MODEL.createASK(ctx);
}
}
/**
*
* @name 删除AK/SK
*
* @param {ObjectId} id 必填 A/SK id
*
* @example
* PUT /user/accesskey/id{ObjectId} HTTP/1.1
* @description id 为必填参数
*
*/
async destroy() {
const ctx = this.ctx;
ctx.body = await this.MODEL.delASK(ctx);
}
/**
*
* @name ak/sk鉴权接口
*
* @param {ObjectId} uid 必填 用户uid
* @param {String} api_key 必填 accountKey
* @param {String} secret_key 必填 secretKey
*
* @example
* POST /user/authorization HTTP/1.1
*
* @description uid|api_key|secret_key 必填
*
*/
async authorization() {
const ctx = this.ctx;
const { uid, api_key, secret_key } = ctx.request.body;
ctx.body = await this.MODEL.apiToken({ uid, api_key, secret_key });
}
}
module.exports = AccesskeyController;
用户鉴权
控制器
'use strict';extend 扩展
const Controller = require('egg').Controller;
class ServiceJwtController extends Controller {
constructor(ctx) {
super(ctx);
this.MODELComp = ctx.model.Account.Company;
this.MODELAdmin = ctx.model.Account.Admin;
};
/**
* @name 用户token生成
*
* @param {action:string} 'api' 用于鉴权ak/sk生成token
* @param {String} compEmail 用户邮箱
* @param {String} compPhone 用户手机
* @param {String} compPassword 用户密码
*
* @description
*
* @example POST /user/sign/
*
* @return Object
*{
* "token": "",
* "info": {
* "_id": "5bcdd5e7f12ee030f44b6228",
* "compPhone": "13658157663",
* "compEmail": "64832897@qq.com",
* "compAuth": {
* "email": false,
* "phone": true
* },
* "compService": [],
* "updated": "2018-10-22T13:51:35.314Z",
* "compApi": []
* }
* }
*
**/
async sign() {
const ctx = this.ctx;
const {
body,
header
} = ctx.request;
try {
if (ctx.request.url.includes('admin')) {
ctx.body = await this.MODELAdmin.isLogin(ctx);
} else {
if (!['compEmail', 'compPhone'].map(e => Object.keys(body).includes(e)).reduce((a, b) => a + b)) {
ctx.body = {
code: 422,
message: '用户参数错误'
};
return
};
ctx.body = await this.MODELComp.isLogin(ctx);
}
} catch (error) {
console.log(error)
if (error.message === 'jwt expired') {
ctx.body = {
message: '用户鉴权失败,请重新登陆',
code: 401
}
} else {
ctx.body = {
message: !!error.errors ? `${error.errors.reduce((a, error) => { a.push(`${error.field} ${error.message}`); return a }, [])}` : error.message,
code: 422
}
}
}
}
}
module.exports = ServiceJwtController
简单用户划分
module.exports = {
isAdmin() {
console.log(this.url)
return this.state.user.group === 1 ? false : true;
},
};OpenStack 相关控制器project
'use strict';region
const Controller = require('egg').Controller;
class OPIdentityProjectsController extends Controller {
/**
* @name constructor
*
* @param {*} ctx
* @param {Function} DuFn 清理空字段函数
* @param {Object} auth 用户JWT
*
*/
constructor(ctx) {
super(ctx);
this.auth = ctx.state.user;
this.DUFn = ctx.helper.deleteUndefined;
}
/**
* @name project列表
*
* @param {String} ctx.query 不需要参数
*
* @description query参数detail存在则显示实力配置列表详细信息,若不传仅显示概要列表
*
* @example GET /openstack/projects
*
*/
async index() {
const { ctx, service } = this;
const datas = await service.openstack.identity.projects.list(ctx.query);
ctx.body = datas;
}
/**
* @name 获取单一project信息
*
* @param {String} ctx.params.id 实例id
*
* @example GET /openstack/projects/{ctx.params.id}
*
*/
async show() {
const { ctx, service } = this;
const datas = await service.openstack.identity.projects.show(ctx.params.id);
ctx.body = datas;
}
/**
* @name 创建project
*
* @param {String} ctx.params.id 实例id
*
* @example
* - POST /openstack/projects/
*/
async create() {
const { ctx, service } = this;
const { name, is_domain, description, domain_id, enabled, parent_id, tags } = ctx.request.body;
const bodys = { name, is_domain, description, domain_id, enabled, parent_id, tags };
const datas = await service.openstack.identity.projects.create(this.DUFn(bodys))
ctx.body = datas;
}
/**
* @name 更新project
*
* @param {String} ctx.params.id 实例id
*
* @example
* - DELETE /openstack/projects/{ctx.params.id}
*/
async destroy() {
const { ctx, service } = this;
const datas = await service.openstack.identity.projects.destroy(ctx.params.id);
ctx.body = datas;
}
/**
* @name 删除project
*
* @param {String} ctx.params.id 实例id
*
* @example
* - PATCH /openstack/projects/{ctx.params.id}
*/
async update() {
const { ctx, service } = this;
const { name, is_domain, description, domain_id, enabled, parent_id, tags } = ctx.request.body;
const bodys = { name, is_domain, description, domain_id, enabled, parent_id, tags };
const datas = await service.openstack.identity.projects.update(ctx.params.id, this.DUFn(bodys))
ctx.body = datas;
}
/**
* @name 锁定不可操作项目
*
*/
checkID(idx) {
const ARR = ['c3513f27bbf24362b74d13e6afae2c37', '5d3b50c18fd44db4bc6abfdbbfcf6a3a', '5c7e341df8ff493c8ae7baf57c0129dd'];
return ARR.includes(idx);
}
}
module.exports = OPIdentityProjectsController;
'use strict';user
const Controller = require('egg').Controller;
class identityUserRegionController extends Controller {
/**
* @name constructor
*
* @param {*} ctx
* @param {Function} DuFn 清理空字段函数
* @param {Object} auth 用户JWT
*
*/
constructor(ctx) {
super(ctx);
this.auth = ctx.state.user;
this.DUFn = ctx.helper.deleteUndefined;
this.MODEL = ctx.model.Openstack.Identity.Region
this.TKMODEL = ctx.model.Openstack.Token
};
/**
*
* @name 用户列表
*
* @description
*
* @example GET /openstack/identity/region
*
*/
async index() {
const { ctx, service } = this;
const datas = await this.MODEL.getAll(this.auth.id, ctx.isAdmin());
ctx.body = datas;
}
}
module.exports = identityUserRegionController;
'use strict';
const Controller = require('egg').Controller;
class identityUserController extends Controller {
/**
* @name constructor
*
* @param {*} ctx
* @param {Function} DuFn 清理空字段函数
* @param {Object} auth 用户JWT
*
*/
constructor(ctx) {
super(ctx);
this.auth = ctx.state.user;
this.DUFn = ctx.helper.deleteUndefined;
this.MODEL = ctx.model.Openstack.Identity.User
this.TKMODEL = ctx.model.Openstack.Token
};
/**
*
* @name 用户列表
*
* @param {String} ctx.query.detail 不需要参数
*
* @description query参数detail存在则显示实力配置列表详细信息,若不传仅显示概要列表
*
* @example GET /openstack/user
*
*/
async index() {
const { ctx, service } = this;
ctx.body = await service.openstack.identity.users.list(ctx.query);
};
/**
* @name 获取单一用户信息
*
* @param {String} ctx.params.id 实例id
*
* @example GET /openstack/user/{ctx.params.id}
*
*/
async show() {
const { ctx, service } = this;
ctx.body = await service.openstack.identity.users.show(ctx.params.id);
// const result = await this.MODEL.getOne(this.auth.id);
// ctx.body = result;
};
/**
* @name 创建用户
*
* @param {String} ctx.params.id 实例id
*
* @example
* - POST /openstack/user/
*/
async create() {
const ctx = this.ctx;
const result = await this.MODEL.createUser(this.auth.id)
ctx.body = result;
// const { ctx, service } = this;
// const { default_project_id, domain_id, description, enabled = true, email, name, password } = ctx.request.body;
// const bodys = { default_project_id, domain_id, description, enabled, email, name, password };
// ctx.body = await service.openstack.identity.users.create(this.DUFn(bodys));
};
/**
*
* @name 测试内部用token
*
*/
async testToken() {
const { ctx, service } = this;
ctx.body = await this.TKMODEL.getToken(this.auth.id)
};
}
module.exports = identityUserController;
