mirror of
https://github.com/casdoor/casdoor.git
synced 2025-05-23 02:35:49 +08:00
Support server-side upload-resource call.
This commit is contained in:
Yang Luo
parent
06006c87b8
commit
14d09cad2c
@ -71,6 +71,7 @@ m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
|
||||
if true {
|
||||
ruleText := `
|
||||
p, built-in, *, *, *, *, *
|
||||
p, app, *, *, *, *, *
|
||||
p, *, *, POST, /api/signup, *, *
|
||||
p, *, *, POST, /api/get-email-and-phone, *, *
|
||||
p, *, *, POST, /api/login, *, *
|
||||
|
||||
@ -19,8 +19,8 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"mime"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/casbin/casdoor/object"
|
||||
"github.com/casbin/casdoor/util"
|
||||
@ -80,8 +80,7 @@ func (c *ApiController) GetProviderParam() (*object.Provider, *object.User, bool
|
||||
return nil, nil, false
|
||||
}
|
||||
|
||||
user := object.GetUser(userId)
|
||||
application := object.GetApplicationByUser(user)
|
||||
application, user := object.GetApplicationByUserId(userId)
|
||||
provider := application.GetStorageProvider()
|
||||
if provider == nil {
|
||||
c.ResponseError(fmt.Sprintf("No storage provider is found for application: %s", application.Name))
|
||||
@ -140,10 +139,12 @@ func (c *ApiController) UploadResource() {
|
||||
|
||||
fileType := "unknown"
|
||||
contentType := header.Header.Get("Content-Type")
|
||||
if strings.HasPrefix(contentType, "image/") {
|
||||
fileType = "image"
|
||||
} else if strings.HasPrefix(contentType, "video/") {
|
||||
fileType = "video"
|
||||
fileType, _ = util.GetOwnerAndNameFromId(contentType)
|
||||
|
||||
if fileType != "image" && fileType != "video" {
|
||||
ext := filepath.Ext(filename)
|
||||
mimeType := mime.TypeByExtension(ext)
|
||||
fileType, _ = util.GetOwnerAndNameFromId(mimeType)
|
||||
}
|
||||
|
||||
fileUrl, objectKey, err := object.UploadFile(provider, fullFilePath, fileBuffer)
|
||||
@ -172,6 +173,11 @@ func (c *ApiController) UploadResource() {
|
||||
|
||||
switch tag {
|
||||
case "avatar":
|
||||
if user == nil {
|
||||
c.ResponseError("user is nil for tag: \"avatar\"")
|
||||
return
|
||||
}
|
||||
|
||||
user.Avatar = fileUrl
|
||||
object.UpdateUser(user.GetId(), user)
|
||||
case "termsOfUse":
|
||||
|
||||
@ -127,6 +127,21 @@ func GetApplicationByUser(user *User) *Application {
|
||||
}
|
||||
}
|
||||
|
||||
func GetApplicationByUserId(userId string) (*Application, *User) {
|
||||
var application *Application
|
||||
|
||||
owner, name := util.GetOwnerAndNameFromId(userId)
|
||||
if owner == "app" {
|
||||
application = getApplication("admin", name)
|
||||
return application, nil
|
||||
}
|
||||
|
||||
user := GetUser(userId)
|
||||
application = GetApplicationByUser(user)
|
||||
|
||||
return application, user
|
||||
}
|
||||
|
||||
func GetApplicationByClientId(clientId string) *Application {
|
||||
application := Application{}
|
||||
existed, err := adapter.Engine.Where("client_id=?", clientId).Get(&application)
|
||||
|
||||
@ -22,7 +22,6 @@ import (
|
||||
|
||||
"github.com/astaxie/beego/context"
|
||||
"github.com/casbin/casdoor/authz"
|
||||
"github.com/casbin/casdoor/object"
|
||||
"github.com/casbin/casdoor/util"
|
||||
)
|
||||
|
||||
@ -31,21 +30,6 @@ type Object struct {
|
||||
Name string `json:"name"`
|
||||
}
|
||||
|
||||
func getUsernameByClientIdSecret(ctx *context.Context) string {
|
||||
clientId := ctx.Input.Query("clientId")
|
||||
clientSecret := ctx.Input.Query("clientSecret")
|
||||
if clientId == "" || clientSecret == "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
app := object.GetApplicationByClientId(clientId)
|
||||
if app == nil || app.ClientSecret != clientSecret {
|
||||
return ""
|
||||
}
|
||||
|
||||
return "built-in/service"
|
||||
}
|
||||
|
||||
func getUsername(ctx *context.Context) (username string) {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
|
||||
@ -60,8 +60,15 @@ func AutoSigninFilter(ctx *context.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
// "/page?clientId=123&clientSecret=456"
|
||||
userId := getUsernameByClientIdSecret(ctx)
|
||||
if userId != "" {
|
||||
setSessionUser(ctx, userId)
|
||||
return
|
||||
}
|
||||
|
||||
// "/page?username=abc&password=123"
|
||||
userId := ctx.Input.Query("username")
|
||||
userId = ctx.Input.Query("username")
|
||||
password := ctx.Input.Query("password")
|
||||
if userId != "" && password != "" {
|
||||
owner, name := util.GetOwnerAndNameFromId(userId)
|
||||
|
||||
@ -14,7 +14,12 @@
|
||||
|
||||
package routers
|
||||
|
||||
import "github.com/astaxie/beego/context"
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/astaxie/beego/context"
|
||||
"github.com/casbin/casdoor/object"
|
||||
)
|
||||
|
||||
type Response struct {
|
||||
Status string `json:"status"`
|
||||
@ -42,3 +47,18 @@ func responseError(ctx *context.Context, error string, data ...interface{}) {
|
||||
func denyRequest(ctx *context.Context) {
|
||||
responseError(ctx, "Unauthorized operation")
|
||||
}
|
||||
|
||||
func getUsernameByClientIdSecret(ctx *context.Context) string {
|
||||
clientId := ctx.Input.Query("clientId")
|
||||
clientSecret := ctx.Input.Query("clientSecret")
|
||||
if clientId == "" || clientSecret == "" {
|
||||
return ""
|
||||
}
|
||||
|
||||
application := object.GetApplicationByClientId(clientId)
|
||||
if application == nil || application.ClientSecret != clientSecret {
|
||||
return ""
|
||||
}
|
||||
|
||||
return fmt.Sprintf("app/%s", application.Name)
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user