feat: 管理员 token

SaltWood-Studio · Aug 28, 2024 · ed26c5c · ed26c5c
1 parent 9d5a579
commit ed26c5c
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 7 deletions.
diff --git a/src/database/github-user.ts b/src/database/github-user.ts
@@ -30,6 +30,16 @@ export class GitHubUser {
         user.id = this.id;
         user.username = this.login;
         user.photo = this.avatar_url;
+        user.isSuperUser = 0;
+        return user;
+    }
+
+    public toUserWithDbEntity(u: UserEntity): UserEntity {
+        const user = new UserEntity();
+        user.id = this.id;
+        user.username = this.login;
+        user.photo = this.avatar_url;
+        user.isSuperUser = Number(Boolean(u.isSuperUser));
         return user;
     }
 }
diff --git a/src/server.ts b/src/server.ts
@@ -95,6 +95,15 @@ export class Server {
     public init(): void {
         this.updateFiles();
         this.setupRoutes();
+
+        const users = new Set(this.clusters.map(c => Number(c.owner)));
+        for (const user of users) {
+            try {
+                const url = `https://${Config.getInstance().githubApiUrl}/user/${user}`;
+            } catch (error) {
+                console.error(error);
+            }
+        }
     }
 
     public async updateFiles(checkClusters: boolean = false): Promise<void> {
@@ -216,7 +225,7 @@ export class Server {
                 // 处理数据库操作
                 let dbUser = this.db.getEntity<UserEntity>(UserEntity, user.id);
                 if (dbUser) {
-                    this.db.update(user.toUserEntity());
+                    this.db.update(user.toUserWithDbEntity(dbUser));
                 } else {
                     this.db.insert<UserEntity>(user.toUserEntity());
                 }
@@ -231,6 +240,18 @@ export class Server {
                     expires: new Date(Date.now() + 86400000), // 24小时后过期
                     secure: true
                 });
+
+                if (this.db.getEntity<UserEntity>(UserEntity, user.id)?.isSuperUser) {
+                    const adminToken = JwtHelper.getInstance().issueToken({
+                        userId: user.id,
+                        clientId: Config.getInstance().githubOAuthClientId
+                    }, "admin", 60 * 60 * 24);
+                    res.cookie('adminToken', adminToken, {
+                        expires: new Date(Date.now() + 86400000), // 24小时后过期
+                        secure: true,
+                        path: '/93AtHome/super'
+                    });
+                }
 
                 res.status(200).json({
                     avatar_url: user.avatar_url,
@@ -620,11 +641,15 @@ export class Server {
             res.status(200).send();
         });
         this.app.post('/93AtHome/super/cluster/create', (req: Request, res: Response) => {
-            if (!Utilities.verifyUser(req, res, this.db, true)) return;
+            if (!Utilities.verifyAdmin(req, res, this.db)) return;
+            const clusterName = req.body.clusterName as string;
+            const bandwidth = req.body.bandwidth as number;
+
             let cluster = new ClusterEntity();
             cluster.clusterId = Utilities.generateRandomString(24);
             cluster.clusterSecret = Utilities.generateRandomString(32);
-            cluster.bandwidth = 50;
+            cluster.clusterName = clusterName;
+            cluster.bandwidth = bandwidth;
             cluster.port = 0;
             cluster.owner = 0;
             cluster.traffic = 0;
@@ -638,7 +663,7 @@ export class Server {
             res.status(200).json(removeSensitiveInfo(cluster));
         });
         this.app.post('/93AtHome/super/cluster/ban', (req: Request, res: Response) => {
-            if (!Utilities.verifyUser(req, res, this.db, true)) return;
+            if (!Utilities.verifyAdmin(req, res, this.db)) return;
             const data = req.body as {
                 clusterId: string,
                 ban: boolean
@@ -654,7 +679,7 @@ export class Server {
             res.status(200).json(removeSensitiveInfo(cluster));
         });
         this.app.post('/93AtHome/super/cluster/profile', (req: Request, res: Response) => {
-            if (!Utilities.verifyUser(req, res, this.db, true)) return;
+            if (!Utilities.verifyAdmin(req, res, this.db)) return;
             const userId = JwtHelper.getInstance().verifyToken(req.cookies.token, 'user') as { userId: number };
             const clusterId = req.query.clusterId as string;
             const clusterName = req.body.clusterName as string || null;

diff --git a/src/utilities.ts b/src/utilities.ts
@@ -338,7 +338,7 @@ export class Utilities {
     /**
      * verifyUser
      */
-    public static verifyUser(req: Request, res: Response, db: SQLiteHelper, needAdmin: boolean = false): boolean {
+    public static verifyUser(req: Request, res: Response, db: SQLiteHelper): boolean {
         const id = (JwtHelper.getInstance().verifyToken(req.cookies.token, 'user') as { userId: number })?.userId;
         if (!id) {
             res.status(401).send('Unauthorized');
@@ -349,7 +349,21 @@ export class Utilities {
             res.status(401).send('Unauthorized');
             return false;
         }
-        if (needAdmin && !user.isSuperUser) {
+        return true;
+    }
+
+    public static verifyAdmin(req: Request, res: Response, db: SQLiteHelper): boolean {
+        const id = (JwtHelper.getInstance().verifyToken(req.cookies.adminToken, 'admin') as { userId: number })?.userId;
+        if (!id) {
+            res.status(401).send('Unauthorized');
+            return false;
+        }
+        const user = db.getEntity<UserEntity>(UserEntity, id);
+        if (!user) {
+            res.status(401).send('Unauthorized');
+            return false;
+        }
+        if (!user.isSuperUser) {
             res.status(403).send('Forbidden');
             return false;
         }