casdoor/controllers/base.go

// Copyright 2021 The Casdoor Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package controllers

import (
	"strings"
	"time"

	"github.com/beego/beego"
	"github.com/beego/beego/logs"
	"github.com/casdoor/casdoor/object"
	"github.com/casdoor/casdoor/util"
)

// ApiController
// controller for handlers under /api uri
type ApiController struct {
	beego.Controller
}

// RootController
// controller for handlers directly under / (root)
type RootController struct {
	ApiController
}

type SessionData struct {
	ExpireTime int64
}

func (c *ApiController) IsGlobalAdmin() bool {
	isGlobalAdmin, _ := c.isGlobalAdmin()

	return isGlobalAdmin
}

func (c *ApiController) IsAdmin() bool {
	isGlobalAdmin, user := c.isGlobalAdmin()
	if !isGlobalAdmin && user == nil {
		return false
	}

	return isGlobalAdmin || user.IsAdmin
}

func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
	username := c.GetSessionUsername()
	if strings.HasPrefix(username, "app/") {
		// e.g., "app/app-casnode"
		return true, nil
	}

	user := c.getCurrentUser()
	if user == nil {
		return false, nil
	}

	return user.Owner == "built-in" || user.IsGlobalAdmin, user
}

func (c *ApiController) getCurrentUser() *object.User {
	var user *object.User
	var err error
	userId := c.GetSessionUsername()
	if userId == "" {
		user = nil
	} else {
		user, err = object.GetUser(userId)
		if err != nil {
			panic(err)
		}
	}
	return user
}

// GetSessionUsername ...
func (c *ApiController) GetSessionUsername() string {
	// check if user session expired
	sessionData := c.GetSessionData()

	if sessionData != nil &&
		sessionData.ExpireTime != 0 &&
		sessionData.ExpireTime < time.Now().Unix() {
		c.ClearUserSession()
		return ""
	}

	user := c.GetSession("username")
	if user == nil {
		return ""
	}

	return user.(string)
}

func (c *ApiController) GetSessionApplication() *object.Application {
	clientId := c.GetSession("aud")
	if clientId == nil {
		return nil
	}
	application, err := object.GetApplicationByClientId(clientId.(string))
	if err != nil {
		panic(err)
	}

	return application
}

func (c *ApiController) ClearUserSession() {
	c.SetSessionUsername("")
	c.SetSessionData(nil)
}

func (c *ApiController) GetSessionOidc() (string, string) {
	sessionData := c.GetSessionData()
	if sessionData != nil &&
		sessionData.ExpireTime != 0 &&
		sessionData.ExpireTime < time.Now().Unix() {
		c.ClearUserSession()
		return "", ""
	}
	scopeValue := c.GetSession("scope")
	audValue := c.GetSession("aud")
	var scope, aud string
	var ok bool
	if scope, ok = scopeValue.(string); !ok {
		scope = ""
	}
	if aud, ok = audValue.(string); !ok {
		aud = ""
	}
	return scope, aud
}

// SetSessionUsername ...
func (c *ApiController) SetSessionUsername(user string) {
	c.SetSession("username", user)
}

// GetSessionData ...
func (c *ApiController) GetSessionData() *SessionData {
	session := c.GetSession("SessionData")
	if session == nil {
		return nil
	}

	sessionData := &SessionData{}
	err := util.JsonToStruct(session.(string), sessionData)
	if err != nil {
		logs.Error("GetSessionData failed, error: %s", err)
		return nil
	}

	return sessionData
}

// SetSessionData ...
func (c *ApiController) SetSessionData(s *SessionData) {
	if s == nil {
		c.DelSession("SessionData")
		return
	}

	c.SetSession("SessionData", util.StructToJson(s))
}

func (c *ApiController) setMfaSessionData(data *object.MfaSessionData) {
	if data == nil {
		c.SetSession(object.MfaSessionUserId, nil)
		return
	}
	c.SetSession(object.MfaSessionUserId, data.UserId)
}

func (c *ApiController) getMfaSessionData() *object.MfaSessionData {
	userId := c.GetSession(object.MfaSessionUserId)
	if userId == nil {
		return nil
	}

	data := &object.MfaSessionData{
		UserId: userId.(string),
	}
	return data
}

func (c *ApiController) setExpireForSession() {
	timestamp := time.Now().Unix()
	timestamp += 3600 * 24
	c.SetSessionData(&SessionData{
		ExpireTime: timestamp,
	})
}

func wrapActionResponse(affected bool, e ...error) *Response {
	if len(e) != 0 && e[0] != nil {
		return &Response{Status: "error", Msg: e[0].Error()}
	} else if affected {
		return &Response{Status: "ok", Msg: "", Data: "Affected"}
	} else {
		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}
	}
}

func wrapErrorResponse(err error) *Response {
	if err == nil {
		return &Response{Status: "ok", Msg: ""}
	} else {
		return &Response{Status: "error", Msg: err.Error()}
	}
}

func (c *ApiController) Finish() {
	if strings.HasPrefix(c.Ctx.Input.URL(), "/api") {
		startTime := c.Ctx.Input.GetData("startTime")
		if startTime != nil {
			latency := time.Since(startTime.(time.Time)).Milliseconds()
			object.ApiLatency.WithLabelValues(c.Ctx.Input.URL(), c.Ctx.Input.Method()).Observe(float64(latency))
		}
	}
	c.Controller.Finish()
}
Update license headers. 2022-02-13 23:39:27 +08:00			`// Copyright 2021 The Casdoor Authors. All Rights Reserved.`
Add server code. 2020-10-20 21:57:29 +08:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package controllers`

feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`import (`
Fix bug in IsGlobalAdmin(). 2022-01-15 23:23:14 +08:00			`"strings"`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`"time"`

Update beego to v1.12.11 2022-09-29 19:44:08 +08:00			`"github.com/beego/beego"`
			`"github.com/beego/beego/logs"`
Update import path. 2022-01-20 14:11:46 +08:00			`"github.com/casdoor/casdoor/object"`
			`"github.com/casdoor/casdoor/util"`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`)`
Add server code. 2020-10-20 21:57:29 +08:00
style: golint (#988) 2022-08-09 16:50:49 +08:00			`// ApiController`
feat: update swagger api json with tags (#347) Signed-off-by: Товарищ программист <2962928213@qq.com> 2021-12-03 20:42:36 +08:00			`// controller for handlers under /api uri`
Add server code. 2020-10-20 21:57:29 +08:00			`type ApiController struct {`
			`beego.Controller`
			`}`

style: golint (#988) 2022-08-09 16:50:49 +08:00			`// RootController`
feat: update swagger api json with tags (#347) Signed-off-by: Товарищ программист <2962928213@qq.com> 2021-12-03 20:42:36 +08:00			`// controller for handlers directly under / (root)`
			`type RootController struct {`
			`ApiController`
			`}`

feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`type SessionData struct {`
			`ExpireTime int64`
			`}`

Allow global admin to modify username. 2022-01-13 23:19:36 +08:00			`func (c *ApiController) IsGlobalAdmin() bool {`
feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`isGlobalAdmin, _ := c.isGlobalAdmin()`

			`return isGlobalAdmin`
			`}`

			`func (c *ApiController) IsAdmin() bool {`
			`isGlobalAdmin, user := c.isGlobalAdmin()`
fix: sdk user is not Global Admin (#1868) 2023-05-19 21:24:55 +08:00			`if !isGlobalAdmin && user == nil {`
feat: fix function CheckAccountItemModifyRule (#1789) * feat: fix function CheckAccountItemModifyRule * fix: admin changes its own username * fix: current user changes its own username * Update user.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-04-26 16:21:58 +08:00			`return false`
			`}`
feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00
			`return isGlobalAdmin \|\| user.IsAdmin`
			`}`

			`func (c ApiController) isGlobalAdmin() (bool, object.User) {`
Allow global admin to modify username. 2022-01-13 23:19:36 +08:00			`username := c.GetSessionUsername()`
Fix bug in IsGlobalAdmin(). 2022-01-15 23:23:14 +08:00			`if strings.HasPrefix(username, "app/") {`
			`// e.g., "app/app-casnode"`
feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`return true, nil`
Fix bug in IsGlobalAdmin(). 2022-01-15 23:23:14 +08:00			`}`

feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`user := c.getCurrentUser()`
Fix bug in IsGlobalAdmin(). 2022-01-15 23:23:14 +08:00			`if user == nil {`
feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`return false, nil`
Fix bug in IsGlobalAdmin(). 2022-01-15 23:23:14 +08:00			`}`

feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`return user.Owner == "built-in" \|\| user.IsGlobalAdmin, user`
			`}`

			`func (c ApiController) getCurrentUser() object.User {`
			`var user *object.User`
feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00			`var err error`
feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`userId := c.GetSessionUsername()`
			`if userId == "" {`
			`user = nil`
			`} else {`
feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00			`user, err = object.GetUser(userId)`
			`if err != nil {`
			`panic(err)`
			`}`
feat: refactor out form package and optimize verification code module (#1787) * refactor: add forms package and optimize verification code module * chore: add license * chore: fix lint * chore: fix lint * chore: fix lint * chore: swagger 2023-04-25 23:05:53 +08:00			`}`
			`return user`
Allow global admin to modify username. 2022-01-13 23:19:36 +08:00			`}`

fix: improve code specification (#231) 2021-08-07 22:02:56 +08:00			`// GetSessionUsername ...`
refactor: SessionUser -> SessionUsername Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:15:22 +08:00			`func (c *ApiController) GetSessionUsername() string {`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`// check if user session expired`
			`sessionData := c.GetSessionData()`
feat: replace panic with details json error payload. (#1039) Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> 2022-08-20 21:09:32 +08:00
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`if sessionData != nil &&`
			`sessionData.ExpireTime != 0 &&`
			`sessionData.ExpireTime < time.Now().Unix() {`
feat: clear the session of a signin but non-existent user (#1246) 2022-10-29 20:18:02 +08:00			`c.ClearUserSession()`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`return ""`
			`}`

Add user list and edit pages. 2020-10-20 23:14:03 +08:00			`user := c.GetSession("username")`
			`if user == nil {`
			`return ""`
			`}`

			`return user.(string)`
			`}`

fix: redirect for non-built-in app logout (#587) Signed-off-by: Steve0x2a <stevesough@gmail.com> 2022-03-19 19:50:05 +08:00			`func (c ApiController) GetSessionApplication() object.Application {`
			`clientId := c.GetSession("aud")`
			`if clientId == nil {`
			`return nil`
			`}`
feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00			`application, err := object.GetApplicationByClientId(clientId.(string))`
			`if err != nil {`
			`panic(err)`
			`}`

fix: redirect for non-built-in app logout (#587) Signed-off-by: Steve0x2a <stevesough@gmail.com> 2022-03-19 19:50:05 +08:00			`return application`
			`}`

feat: clear the session of a signin but non-existent user (#1246) 2022-10-29 20:18:02 +08:00			`func (c *ApiController) ClearUserSession() {`
			`c.SetSessionUsername("")`
			`c.SetSessionData(nil)`
			`}`

feat: add userinfo endpoint (#447) * feat: add userinfo endpoint Signed-off-by: 0x2a <stevesough@gmail.com> * feat: add scope support Signed-off-by: 0x2a <stevesough@gmail.com> * fix: modify the endpoint of discovery Signed-off-by: 0x2a <stevesough@gmail.com> 2022-01-26 11:56:01 +08:00			`func (c *ApiController) GetSessionOidc() (string, string) {`
			`sessionData := c.GetSessionData()`
			`if sessionData != nil &&`
			`sessionData.ExpireTime != 0 &&`
			`sessionData.ExpireTime < time.Now().Unix() {`
feat: clear the session of a signin but non-existent user (#1246) 2022-10-29 20:18:02 +08:00			`c.ClearUserSession()`
feat: add userinfo endpoint (#447) * feat: add userinfo endpoint Signed-off-by: 0x2a <stevesough@gmail.com> * feat: add scope support Signed-off-by: 0x2a <stevesough@gmail.com> * fix: modify the endpoint of discovery Signed-off-by: 0x2a <stevesough@gmail.com> 2022-01-26 11:56:01 +08:00			`return "", ""`
			`}`
			`scopeValue := c.GetSession("scope")`
			`audValue := c.GetSession("aud")`
			`var scope, aud string`
			`var ok bool`
			`if scope, ok = scopeValue.(string); !ok {`
			`scope = ""`
			`}`
			`if aud, ok = audValue.(string); !ok {`
			`aud = ""`
			`}`
			`return scope, aud`
			`}`

fix: improve code specification (#231) 2021-08-07 22:02:56 +08:00			`// SetSessionUsername ...`
refactor: SessionUser -> SessionUsername Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:15:22 +08:00			`func (c *ApiController) SetSessionUsername(user string) {`
Add user list and edit pages. 2020-10-20 23:14:03 +08:00			`c.SetSession("username", user)`
Add server code. 2020-10-20 21:57:29 +08:00			`}`
Improve API error handling. 2021-03-28 00:48:34 +08:00
fix: improve code specification (#231) 2021-08-07 22:02:56 +08:00			`// GetSessionData ...`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`func (c ApiController) GetSessionData() SessionData {`
			`session := c.GetSession("SessionData")`
			`if session == nil {`
			`return nil`
			`}`

			`sessionData := &SessionData{}`
			`err := util.JsonToStruct(session.(string), sessionData)`
			`if err != nil {`
feat: replace panic with details json error payload. (#1039) Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> 2022-08-20 21:09:32 +08:00			`logs.Error("GetSessionData failed, error: %s", err)`
			`return nil`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`}`

			`return sessionData`
			`}`

fix: improve code specification (#231) 2021-08-07 22:02:56 +08:00			`// SetSessionData ...`
feat: session without autosignin will expire Signed-off-by: Kininaru <shiftregister233@outlook.com> 2021-07-18 07:54:49 +08:00			`func (c ApiController) SetSessionData(s SessionData) {`
			`if s == nil {`
			`c.DelSession("SessionData")`
			`return`
			`}`

			`c.SetSession("SessionData", util.StructToJson(s))`
			`}`

feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`func (c ApiController) setMfaSessionData(data object.MfaSessionData) {`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`if data == nil {`
			`c.SetSession(object.MfaSessionUserId, nil)`
			`return`
			`}`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`c.SetSession(object.MfaSessionUserId, data.UserId)`
			`}`

			`func (c ApiController) getMfaSessionData() object.MfaSessionData {`
			`userId := c.GetSession(object.MfaSessionUserId)`
			`if userId == nil {`
			`return nil`
			`}`

			`data := &object.MfaSessionData{`
			`UserId: userId.(string),`
			`}`
			`return data`
			`}`

			`func (c *ApiController) setExpireForSession() {`
			`timestamp := time.Now().Unix()`
			`timestamp += 3600 * 24`
			`c.SetSessionData(&SessionData{`
			`ExpireTime: timestamp,`
			`})`
			`}`

feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00			`func wrapActionResponse(affected bool, e ...error) *Response {`
			`if len(e) != 0 && e[0] != nil {`
			`return &Response{Status: "error", Msg: e[0].Error()}`
			`} else if affected {`
feat: revert to the original behavior for wrapActionResponse() (#1021) Revert: https://github.com/casdoor/casdoor/commit/340fbe135d14490b7c7f075b9746f4f1bfa95e43 see: https://github.com/casdoor/casdoor-go-sdk/pull/36. 2022-08-16 00:20:37 +08:00			`return &Response{Status: "ok", Msg: "", Data: "Affected"}`
Improve API error handling. 2021-03-28 00:48:34 +08:00			`} else {`
feat: revert to the original behavior for wrapActionResponse() (#1021) Revert: https://github.com/casdoor/casdoor/commit/340fbe135d14490b7c7f075b9746f4f1bfa95e43 see: https://github.com/casdoor/casdoor-go-sdk/pull/36. 2022-08-16 00:20:37 +08:00			`return &Response{Status: "ok", Msg: "", Data: "Unaffected"}`
Improve API error handling. 2021-03-28 00:48:34 +08:00			`}`
			`}`
Add alipay provider. 2022-03-06 22:46:02 +08:00
			`func wrapErrorResponse(err error) *Response {`
			`if err == nil {`
			`return &Response{Status: "ok", Msg: ""}`
			`} else {`
			`return &Response{Status: "error", Msg: err.Error()}`
			`}`
			`}`
feat: fix prometheus filter bugs (#1792) * fix: fix prometheus * fix: count latency with prefix api * fix: latency should not be counted when startTime is nil 2023-04-26 22:18:48 +08:00
			`func (c *ApiController) Finish() {`
			`if strings.HasPrefix(c.Ctx.Input.URL(), "/api") {`
			`startTime := c.Ctx.Input.GetData("startTime")`
			`if startTime != nil {`
			`latency := time.Since(startTime.(time.Time)).Milliseconds()`
feat: fix the order of Method and Name in System Info (#1797) * fix: fixed the order of Method and Name in System Info * fix: add i18n for System Info 2023-04-28 22:11:10 +08:00			`object.ApiLatency.WithLabelValues(c.Ctx.Input.URL(), c.Ctx.Input.Method()).Observe(float64(latency))`
feat: fix prometheus filter bugs (#1792) * fix: fix prometheus * fix: count latency with prefix api * fix: latency should not be counted when startTime is nil 2023-04-26 22:18:48 +08:00			`}`
			`}`
			`c.Controller.Finish()`
			`}`