2022-02-13 23:39:27 +08:00
|
|
|
// Copyright 2021 The Casdoor Authors. All Rights Reserved.
|
2021-07-17 14:13:00 +08:00
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
2021-02-15 10:05:14 +08:00
|
|
|
package object
|
|
|
|
|
|
2021-12-31 09:36:48 +08:00
|
|
|
import (
|
2022-07-12 20:06:01 +08:00
|
|
|
"encoding/gob"
|
2022-08-15 09:18:21 +08:00
|
|
|
"fmt"
|
2022-08-09 16:50:49 +08:00
|
|
|
"os"
|
2021-12-31 09:36:48 +08:00
|
|
|
|
2022-08-29 21:26:00 +08:00
|
|
|
"github.com/casdoor/casdoor/conf"
|
2022-01-20 14:11:46 +08:00
|
|
|
"github.com/casdoor/casdoor/util"
|
2023-03-07 13:38:48 +08:00
|
|
|
"github.com/go-webauthn/webauthn/webauthn"
|
2021-12-31 09:36:48 +08:00
|
|
|
)
|
|
|
|
|
|
2021-02-15 10:05:14 +08:00
|
|
|
func InitDb() {
|
2022-03-31 12:28:45 +08:00
|
|
|
existed := initBuiltInOrganization()
|
|
|
|
|
if !existed {
|
2022-08-24 17:21:05 +08:00
|
|
|
initBuiltInModel()
|
2022-07-24 23:36:55 +08:00
|
|
|
initBuiltInPermission()
|
2022-06-22 00:03:55 +08:00
|
|
|
initBuiltInProvider()
|
2022-03-31 12:28:45 +08:00
|
|
|
initBuiltInUser()
|
|
|
|
|
initBuiltInApplication()
|
|
|
|
|
initBuiltInCert()
|
|
|
|
|
initBuiltInLdap()
|
|
|
|
|
}
|
2022-07-12 20:06:01 +08:00
|
|
|
|
|
|
|
|
initWebAuthn()
|
2021-02-15 10:05:14 +08:00
|
|
|
}
|
|
|
|
|
|
2023-02-19 09:45:06 +08:00
|
|
|
func getBuiltInAccountItems() []*AccountItem {
|
|
|
|
|
return []*AccountItem{
|
|
|
|
|
{Name: "Organization", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "ID", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
|
|
|
|
|
{Name: "Name", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Display name", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Avatar", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "User type", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Password", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Email", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Phone", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
2023-02-24 14:28:34 +08:00
|
|
|
{Name: "Country code", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
|
2023-02-19 09:45:06 +08:00
|
|
|
{Name: "Country/Region", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Location", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Affiliation", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Title", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Homepage", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Bio", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Tag", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
|
|
|
|
|
{Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
|
|
|
|
|
{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Is global admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Is forbidden", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
|
|
|
|
|
{Name: "Is deleted", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
|
2023-05-05 21:23:59 +08:00
|
|
|
{Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
|
2023-02-19 09:45:06 +08:00
|
|
|
{Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
|
|
|
|
|
{Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-31 12:28:45 +08:00
|
|
|
func initBuiltInOrganization() bool {
|
2021-02-15 10:05:14 +08:00
|
|
|
organization := getOrganization("admin", "built-in")
|
|
|
|
|
if organization != nil {
|
2022-03-31 12:28:45 +08:00
|
|
|
return true
|
2021-02-15 10:05:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
organization = &Organization{
|
2023-03-03 21:32:06 +08:00
|
|
|
Owner: "admin",
|
|
|
|
|
Name: "built-in",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
DisplayName: "Built-in Organization",
|
|
|
|
|
WebsiteUrl: "https://example.com",
|
|
|
|
|
Favicon: fmt.Sprintf("%s/img/casbin/favicon.ico", conf.GetConfigString("staticBaseUrl")),
|
|
|
|
|
PasswordType: "plain",
|
|
|
|
|
CountryCodes: []string{"US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"},
|
|
|
|
|
DefaultAvatar: fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
|
|
|
|
|
Tags: []string{},
|
2023-05-19 16:42:31 +08:00
|
|
|
Languages: []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "pt"},
|
2023-03-03 21:32:06 +08:00
|
|
|
InitScore: 2000,
|
|
|
|
|
AccountItems: getBuiltInAccountItems(),
|
|
|
|
|
EnableSoftDeletion: false,
|
|
|
|
|
IsProfilePublic: false,
|
2021-02-15 10:05:14 +08:00
|
|
|
}
|
|
|
|
|
AddOrganization(organization)
|
2022-03-31 12:28:45 +08:00
|
|
|
return false
|
2021-02-15 10:05:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func initBuiltInUser() {
|
|
|
|
|
user := getUser("built-in", "admin")
|
|
|
|
|
if user != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user = &User{
|
2021-12-23 21:28:40 +08:00
|
|
|
Owner: "built-in",
|
|
|
|
|
Name: "admin",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
Id: util.GenerateId(),
|
|
|
|
|
Type: "normal-user",
|
|
|
|
|
Password: "123",
|
|
|
|
|
DisplayName: "Admin",
|
2022-08-29 21:26:00 +08:00
|
|
|
Avatar: fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
|
2021-12-23 21:28:40 +08:00
|
|
|
Email: "admin@example.com",
|
|
|
|
|
Phone: "12345678910",
|
2023-02-16 22:53:28 +08:00
|
|
|
CountryCode: "CN",
|
2021-12-23 21:28:40 +08:00
|
|
|
Address: []string{},
|
|
|
|
|
Affiliation: "Example Inc.",
|
|
|
|
|
Tag: "staff",
|
|
|
|
|
Score: 2000,
|
|
|
|
|
Ranking: 1,
|
|
|
|
|
IsAdmin: true,
|
|
|
|
|
IsGlobalAdmin: true,
|
|
|
|
|
IsForbidden: false,
|
|
|
|
|
IsDeleted: false,
|
2022-06-29 23:21:18 +08:00
|
|
|
SignupApplication: "app-built-in",
|
2021-12-23 21:28:40 +08:00
|
|
|
CreatedIp: "127.0.0.1",
|
|
|
|
|
Properties: make(map[string]string),
|
2021-02-15 10:05:14 +08:00
|
|
|
}
|
|
|
|
|
AddUser(user)
|
|
|
|
|
}
|
2021-02-15 10:32:14 +08:00
|
|
|
|
|
|
|
|
func initBuiltInApplication() {
|
|
|
|
|
application := getApplication("admin", "app-built-in")
|
|
|
|
|
if application != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
application = &Application{
|
|
|
|
|
Owner: "admin",
|
|
|
|
|
Name: "app-built-in",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
DisplayName: "Casdoor",
|
2022-08-29 21:26:00 +08:00
|
|
|
Logo: fmt.Sprintf("%s/img/casdoor-logo_1185x256.png", conf.GetConfigString("staticBaseUrl")),
|
2021-05-28 22:38:12 +08:00
|
|
|
HomepageUrl: "https://casdoor.org",
|
2021-02-15 10:32:14 +08:00
|
|
|
Organization: "built-in",
|
2021-12-31 09:36:48 +08:00
|
|
|
Cert: "cert-built-in",
|
2021-02-15 10:32:14 +08:00
|
|
|
EnablePassword: true,
|
2021-05-28 22:38:12 +08:00
|
|
|
EnableSignUp: true,
|
2022-06-22 00:03:55 +08:00
|
|
|
Providers: []*ProviderItem{
|
2022-10-28 13:38:14 +08:00
|
|
|
{Name: "provider_captcha_default", CanSignUp: false, CanSignIn: false, CanUnlink: false, Prompted: false, AlertType: "None", Rule: "None", Provider: nil},
|
2022-06-22 00:03:55 +08:00
|
|
|
},
|
2021-09-20 22:17:52 +08:00
|
|
|
SignupItems: []*SignupItem{
|
|
|
|
|
{Name: "ID", Visible: false, Required: true, Prompted: false, Rule: "Random"},
|
|
|
|
|
{Name: "Username", Visible: true, Required: true, Prompted: false, Rule: "None"},
|
|
|
|
|
{Name: "Display name", Visible: true, Required: true, Prompted: false, Rule: "None"},
|
|
|
|
|
{Name: "Password", Visible: true, Required: true, Prompted: false, Rule: "None"},
|
|
|
|
|
{Name: "Confirm password", Visible: true, Required: true, Prompted: false, Rule: "None"},
|
2022-05-02 17:19:40 +08:00
|
|
|
{Name: "Email", Visible: true, Required: true, Prompted: false, Rule: "Normal"},
|
2021-09-20 22:17:52 +08:00
|
|
|
{Name: "Phone", Visible: true, Required: true, Prompted: false, Rule: "None"},
|
|
|
|
|
{Name: "Agreement", Visible: true, Required: true, Prompted: false, Rule: "None"},
|
|
|
|
|
},
|
|
|
|
|
RedirectUris: []string{},
|
|
|
|
|
ExpireInHours: 168,
|
2022-12-04 23:05:30 +08:00
|
|
|
FormOffset: 2,
|
2021-02-15 10:32:14 +08:00
|
|
|
}
|
|
|
|
|
AddApplication(application)
|
|
|
|
|
}
|
2021-07-17 14:13:00 +08:00
|
|
|
|
2022-03-21 21:55:16 +08:00
|
|
|
func readTokenFromFile() (string, string) {
|
|
|
|
|
pemPath := "./object/token_jwt_key.pem"
|
|
|
|
|
keyPath := "./object/token_jwt_key.key"
|
2022-08-09 16:50:49 +08:00
|
|
|
pem, err := os.ReadFile(pemPath)
|
2022-03-21 21:55:16 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return "", ""
|
|
|
|
|
}
|
2022-08-09 16:50:49 +08:00
|
|
|
key, err := os.ReadFile(keyPath)
|
2022-03-21 21:55:16 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return "", ""
|
|
|
|
|
}
|
|
|
|
|
return string(pem), string(key)
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-31 09:36:48 +08:00
|
|
|
func initBuiltInCert() {
|
2022-07-23 09:40:51 +08:00
|
|
|
tokenJwtCertificate, tokenJwtPrivateKey := readTokenFromFile()
|
2021-12-31 09:36:48 +08:00
|
|
|
cert := getCert("admin", "cert-built-in")
|
|
|
|
|
if cert != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cert = &Cert{
|
|
|
|
|
Owner: "admin",
|
|
|
|
|
Name: "cert-built-in",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
DisplayName: "Built-in Cert",
|
|
|
|
|
Scope: "JWT",
|
|
|
|
|
Type: "x509",
|
2022-05-06 09:34:42 +08:00
|
|
|
CryptoAlgorithm: "RS256",
|
2021-12-31 09:36:48 +08:00
|
|
|
BitSize: 4096,
|
|
|
|
|
ExpireInYears: 20,
|
2022-07-23 09:40:51 +08:00
|
|
|
Certificate: tokenJwtCertificate,
|
2021-12-31 09:36:48 +08:00
|
|
|
PrivateKey: tokenJwtPrivateKey,
|
|
|
|
|
}
|
|
|
|
|
AddCert(cert)
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-17 14:13:00 +08:00
|
|
|
func initBuiltInLdap() {
|
|
|
|
|
ldap := GetLdap("ldap-built-in")
|
|
|
|
|
if ldap != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ldap = &Ldap{
|
|
|
|
|
Id: "ldap-built-in",
|
|
|
|
|
Owner: "built-in",
|
|
|
|
|
ServerName: "BuildIn LDAP Server",
|
|
|
|
|
Host: "example.com",
|
|
|
|
|
Port: 389,
|
2023-04-13 14:12:31 +08:00
|
|
|
Username: "cn=buildin,dc=example,dc=com",
|
|
|
|
|
Password: "123",
|
2021-07-17 14:13:00 +08:00
|
|
|
BaseDn: "ou=BuildIn,dc=example,dc=com",
|
|
|
|
|
AutoSync: 0,
|
|
|
|
|
LastSync: "",
|
|
|
|
|
}
|
|
|
|
|
AddLdap(ldap)
|
|
|
|
|
}
|
2022-06-22 00:03:55 +08:00
|
|
|
|
|
|
|
|
func initBuiltInProvider() {
|
2022-11-25 09:36:47 +08:00
|
|
|
provider := GetProvider(util.GetId("admin", "provider_captcha_default"))
|
2022-06-22 00:03:55 +08:00
|
|
|
if provider != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
provider = &Provider{
|
|
|
|
|
Owner: "admin",
|
|
|
|
|
Name: "provider_captcha_default",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
DisplayName: "Captcha Default",
|
|
|
|
|
Category: "Captcha",
|
|
|
|
|
Type: "Default",
|
|
|
|
|
}
|
|
|
|
|
AddProvider(provider)
|
|
|
|
|
}
|
2022-07-12 20:06:01 +08:00
|
|
|
|
|
|
|
|
func initWebAuthn() {
|
|
|
|
|
gob.Register(webauthn.SessionData{})
|
|
|
|
|
}
|
2022-07-24 23:36:55 +08:00
|
|
|
|
2022-08-24 17:21:05 +08:00
|
|
|
func initBuiltInModel() {
|
|
|
|
|
model := GetModel("built-in/model-built-in")
|
|
|
|
|
if model != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
model = &Model{
|
|
|
|
|
Owner: "built-in",
|
|
|
|
|
Name: "model-built-in",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
DisplayName: "Built-in Model",
|
|
|
|
|
IsEnabled: true,
|
|
|
|
|
ModelText: `[request_definition]
|
|
|
|
|
r = sub, obj, act
|
|
|
|
|
|
|
|
|
|
[policy_definition]
|
|
|
|
|
p = sub, obj, act
|
|
|
|
|
|
|
|
|
|
[policy_effect]
|
|
|
|
|
e = some(where (p.eft == allow))
|
|
|
|
|
|
|
|
|
|
[matchers]
|
|
|
|
|
m = r.sub == p.sub && r.obj == p.obj && r.act == p.act`,
|
|
|
|
|
}
|
|
|
|
|
AddModel(model)
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-24 23:36:55 +08:00
|
|
|
func initBuiltInPermission() {
|
|
|
|
|
permission := GetPermission("built-in/permission-built-in")
|
|
|
|
|
if permission != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
permission = &Permission{
|
|
|
|
|
Owner: "built-in",
|
|
|
|
|
Name: "permission-built-in",
|
|
|
|
|
CreatedTime: util.GetCurrentTime(),
|
|
|
|
|
DisplayName: "Built-in Permission",
|
2022-09-02 12:03:13 +08:00
|
|
|
Users: []string{"built-in/*"},
|
2022-07-24 23:36:55 +08:00
|
|
|
Roles: []string{},
|
2022-08-19 11:59:35 +08:00
|
|
|
Domains: []string{},
|
2022-08-24 17:21:05 +08:00
|
|
|
Model: "model-built-in",
|
2022-07-24 23:36:55 +08:00
|
|
|
ResourceType: "Application",
|
|
|
|
|
Resources: []string{"app-built-in"},
|
|
|
|
|
Actions: []string{"Read", "Write", "Admin"},
|
|
|
|
|
Effect: "Allow",
|
|
|
|
|
IsEnabled: true,
|
|
|
|
|
}
|
|
|
|
|
AddPermission(permission)
|
|
|
|
|
}
|
