diff --git a/authz/authz.go b/authz/authz.go
index 9e89d32a..bd60bdd1 100644
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -71,6 +71,7 @@ m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
 if true {
 ruleText := `
 p, built-in, *, *, *, *, *
+p, app, *, *, *, *, *
 p, *, *, POST, /api/signup, *, *
 p, *, *, POST, /api/get-email-and-phone, *, *
 p, *, *, POST, /api/login, *, *
diff --git a/controllers/resource.go b/controllers/resource.go
index c35cf6bb..b9281595 100644
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -19,8 +19,8 @@ import (
 "encoding/json"
 "fmt"
 "io"
+ "mime"
 "path/filepath"
- "strings"
 
 "github.com/casbin/casdoor/object"
 "github.com/casbin/casdoor/util"
@@ -80,8 +80,7 @@ func (c *ApiController) GetProviderParam() (*object.Provider, *object.User, bool
 return nil, nil, false
 }
 
- user := object.GetUser(userId)
- application := object.GetApplicationByUser(user)
+ application, user := object.GetApplicationByUserId(userId)
 provider := application.GetStorageProvider()
 if provider == nil {
 c.ResponseError(fmt.Sprintf("No storage provider is found for application: %s", application.Name))
@@ -140,10 +139,12 @@ func (c *ApiController) UploadResource() {
 fileType := "unknown"
 contentType := header.Header.Get("Content-Type")
 
- if strings.HasPrefix(contentType, "image/") {
- fileType = "image"
- } else if strings.HasPrefix(contentType, "video/") {
- fileType = "video"
+ fileType, _ = util.GetOwnerAndNameFromId(contentType)
+
+ if fileType != "image" && fileType != "video" {
+ ext := filepath.Ext(filename)
+ mimeType := mime.TypeByExtension(ext)
+ fileType, _ = util.GetOwnerAndNameFromId(mimeType)
 }
 
 fileUrl, objectKey, err := object.UploadFile(provider, fullFilePath, fileBuffer)
@@ -172,6 +173,11 @@ func (c *ApiController) UploadResource() {
 switch tag {
 case "avatar":
+ if user == nil {
+ c.ResponseError("user is nil for tag: \"avatar\"")
+ return
+ }
+
 user.Avatar = fileUrl
 object.UpdateUser(user.GetId(), user)
 case "termsOfUse":
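Review bot: The added rule `p, app, *, *, *, *, *` grants every subject whose owner is `app` unrestricted access, and nothing in the policy text records where such subjects come from. The only producer visible in this commit is `getUsernameByClientIdSecret` in routers/base.go, which returns `app/<application name>` after a clientId/clientSecret match; if organization names are user-chosen and `app` is not a reserved name, a user belonging to an organization called `app` would match this rule as well — the diff does not show whether that is prevented. I would record the intent next to the policy, e.g. a Go comment above `ruleText`: `// Subjects "app/<name>" are applications that authenticated with clientId/clientSecret (routers.getUsernameByClientIdSecret); like built-in they are unrestricted.` The enclosing function starts outside the hunk.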
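Review bot: `fileType, _ = util.GetOwnerAndNameFromId(contentType)` now derives the category from the client-supplied Content-Type header, which may be empty or contain no `/`; the removed `strings.HasPrefix` checks left `fileType` as `"unknown"` in that case, and the hunk does not show how the helper treats an id without a slash (the fallback `util.GetOwnerAndNameFromId(mimeType)` has the same exposure, since `mime.TypeByExtension` returns `""` for an unknown extension). A further effect is that `fileType` is no longer limited to `image`/`video`/`unknown` but becomes whatever top-level type the client sends, so downstream code that branches on it should treat it as untrusted. I would parse the header with `mime.ParseMediaType` and use each source only when it actually yields a media type, as below. UploadResource starts and ends outside the hunk.
```go
	fileType := "unknown"
	contentType := header.Header.Get("Content-Type")

	// Content-Type is client-controlled: use it only when it parses as a
	// media type, otherwise fall back to the file extension below.
	if mediaType, _, err := mime.ParseMediaType(contentType); err == nil {
		fileType, _ = util.GetOwnerAndNameFromId(mediaType)
	}

	if fileType != "image" && fileType != "video" {
		if mimeType := mime.TypeByExtension(filepath.Ext(filename)); mimeType != "" {
			fileType, _ = util.GetOwnerAndNameFromId(mimeType)
		}
	}

	// … unchanged: object.UploadFile call and the rest of the handler …
```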
diff --git a/object/application.go b/object/application.go
index cb3090bf..cee0f4c9 100644
--- a/object/application.go
+++ b/object/application.go
@@ -127,6 +127,21 @@ func GetApplicationByUser(user *User) *Application {
 }
 }
 
+func GetApplicationByUserId(userId string) (*Application, *User) {
+ var application *Application
+
+ owner, name := util.GetOwnerAndNameFromId(userId)
+ if owner == "app" {
+ application = getApplication("admin", name)
+ return application, nil
+ }
+
+ user := GetUser(userId)
+ application = GetApplicationByUser(user)
+
+ return application, user
+}
+
 func GetApplicationByClientId(clientId string) *Application {
 application := Application{}
 existed, err := adapter.Engine.Where("client_id=?", clientId).Get(&application)
diff --git a/routers/authz_filter.go b/routers/authz_filter.go
index 9d961577..cc85d3b8 100644
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -22,7 +22,6 @@ import (
 "github.com/astaxie/beego/context"
 
 "github.com/casbin/casdoor/authz"
- "github.com/casbin/casdoor/object"
 "github.com/casbin/casdoor/util"
 )
 
@@ -31,21 +30,6 @@ type Object struct {
 Name string `json:"name"`
 }
 
-func getUsernameByClientIdSecret(ctx *context.Context) string {
- clientId := ctx.Input.Query("clientId")
- clientSecret := ctx.Input.Query("clientSecret")
- if clientId == "" || clientSecret == "" {
- return ""
- }
-
- app := object.GetApplicationByClientId(clientId)
- if app == nil || app.ClientSecret != clientSecret {
- return ""
- }
-
- return "built-in/service"
-}
-
 func getUsername(ctx *context.Context) (username string) {
 defer func() {
 if r := recover(); r != nil {
diff --git a/routers/auto_signin_filter.go b/routers/auto_signin_filter.go
index cca57791..b9017705 100644
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
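Review bot: `GetApplicationByUserId` is exported but carries no doc comment, and its most important property — the returned `*User` is nil whenever `userId` has owner `app` — is exactly what callers need to know (the commit already had to add a nil check in `UploadResource` for it). I would add: `// GetApplicationByUserId resolves the application for a user id. Ids of the form "app/<name>" denote an application principal and resolve to the admin-owned application of that name with a nil *User; any other id is looked up as a user and the application is taken from GetApplicationByUser.` The `var application *Application` declaration is redundant; `return getApplication("admin", name), nil` in the first branch and `return GetApplicationByUser(user), user` in the second read more directly. Neither branch checks that an application was actually found, so callers such as `GetProviderParam` still dereference a possibly nil result, though that is no worse than before the change.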
@@ -60,8 +60,15 @@ func AutoSigninFilter(ctx *context.Context) {
 return
 }
 
+ // "/page?clientId=123&clientSecret=456"
+ userId := getUsernameByClientIdSecret(ctx)
+ if userId != "" {
+ setSessionUser(ctx, userId)
+ return
+ }
+
 // "/page?username=abc&password=123"
- userId := ctx.Input.Query("username")
+ userId = ctx.Input.Query("username")
 password := ctx.Input.Query("password")
 if userId != "" && password != "" {
 owner, name := util.GetOwnerAndNameFromId(userId)
diff --git a/routers/base.go b/routers/base.go
index 18c3159c..b3bdf054 100644
--- a/routers/base.go
+++ b/routers/base.go
@@ -14,7 +14,12 @@
 
 package routers
 
-import "github.com/astaxie/beego/context"
+import (
+ "fmt"
+
+ "github.com/astaxie/beego/context"
+ "github.com/casbin/casdoor/object"
+)
 
 type Response struct {
 Status string `json:"status"`
@@ -42,3 +47,18 @@ func responseError(ctx *context.Context, error string, data ...interface{}) {
 func denyRequest(ctx *context.Context) {
 responseError(ctx, "Unauthorized operation")
 }
+
+func getUsernameByClientIdSecret(ctx *context.Context) string {
+ clientId := ctx.Input.Query("clientId")
+ clientSecret := ctx.Input.Query("clientSecret")
+ if clientId == "" || clientSecret == "" {
+ return ""
+ }
+
+ application := object.GetApplicationByClientId(clientId)
+ if application == nil || application.ClientSecret != clientSecret {
+ return ""
+ }
+
+ return fmt.Sprintf("app/%s", application.Name)
+}
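Review bot: The new block establishes a session via `setSessionUser(ctx, userId)` for the principal `app/<name>` from credentials carried in the URL query string (`clientId`, `clientSecret`), so the application secret is written into access logs, proxy logs and browser history on every such request. Because this path now runs before the username/password path, a request carrying both sets of parameters is signed in as the application rather than the user, which the comments do not mention. I would make the comment say what identity results, e.g. `// "/page?clientId=123&clientSecret=456": signs the request in as the application itself (subject "app/<name>", see getUsernameByClientIdSecret)`, and if the secret must be accepted this way, consider taking it from a header or the request body instead so it stays out of URL logs. AutoSigninFilter starts and ends outside the hunk.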
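Review bot: `application.ClientSecret != clientSecret` checks a credential with an ordinary string comparison, which stops at the first differing byte; for a secret compare use `crypto/subtle`: `if application == nil || subtle.ConstantTimeCompare([]byte(application.ClientSecret), []byte(clientSecret)) != 1 {` with `"crypto/subtle"` added to the new import block. The function also lacks a doc comment; I would add `// getUsernameByClientIdSecret returns the principal "app/<application name>" when the request query carries a clientId/clientSecret pair matching a stored application, and "" otherwise.` Since the returned subject is what the new `p, app, *, *, *, *, *` rule in authz/authz.go grants unrestricted access to, a match here is effectively an administrative login and the comment should say so.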