Support server-side upload-resource call.
@@ -71,6 +71,7 @@ m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
|
|||||||
if true {
|
if true {
|
||||||
ruleText := `
|
ruleText := `
|
||||||
p, built-in, *, *, *, *, *
|
p, built-in, *, *, *, *, *
|
||||||
|
p, app, *, *, *, *, *
|
||||||
p, *, *, POST, /api/signup, *, *
|
p, *, *, POST, /api/signup, *, *
|
||||||
p, *, *, POST, /api/get-email-and-phone, *, *
|
p, *, *, POST, /api/get-email-and-phone, *, *
|
||||||
p, *, *, POST, /api/login, *, *
|
p, *, *, POST, /api/login, *, *
|
||||||
|
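Review bot: The added policy line `p, app, *, *, *, *, *` gives every subject whose owner is `app` the same unrestricted access as `built-in`, on every method and path, although the commit title only calls for the upload-resource call. Since the same commit makes `getUsernameByClientIdSecret` return `app/<name>` for any application with a valid clientId/clientSecret pair, every application's credentials now authorize the whole API. I would scope the rule to the route that is needed, along the lines of `p, app, *, POST, /api/upload-resource, *, *` (route path assumed from the commit title, please confirm). It is also worth confirming that no organization can be named `app`, because its users would match this rule as well. The rule text and its enclosing function continue outside the hunk.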
@@ -19,8 +19,8 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
"mime"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/casbin/casdoor/object"
|
"github.com/casbin/casdoor/object"
|
||||||
"github.com/casbin/casdoor/util"
|
"github.com/casbin/casdoor/util"
|
||||||
@@ -80,8 +80,7 @@ func (c *ApiController) GetProviderParam() (*object.Provider, *object.User, bool
|
|||||||
return nil, nil, false
|
return nil, nil, false
|
||||||
}
|
}
|
||||||
|
|
||||||
user := object.GetUser(userId)
|
application, user := object.GetApplicationByUserId(userId)
|
||||||
application := object.GetApplicationByUser(user)
|
|
||||||
provider := application.GetStorageProvider()
|
provider := application.GetStorageProvider()
|
||||||
if provider == nil {
|
if provider == nil {
|
||||||
c.ResponseError(fmt.Sprintf("No storage provider is found for application: %s", application.Name))
|
c.ResponseError(fmt.Sprintf("No storage provider is found for application: %s", application.Name))
|
||||||
@@ -140,10 +139,12 @@ func (c *ApiController) UploadResource() {
|
|||||||
|
|
||||||
fileType := "unknown"
|
fileType := "unknown"
|
||||||
contentType := header.Header.Get("Content-Type")
|
contentType := header.Header.Get("Content-Type")
|
||||||
if strings.HasPrefix(contentType, "image/") {
|
fileType, _ = util.GetOwnerAndNameFromId(contentType)
|
||||||
fileType = "image"
|
|
||||||
} else if strings.HasPrefix(contentType, "video/") {
|
if fileType != "image" && fileType != "video" {
|
||||||
fileType = "video"
|
ext := filepath.Ext(filename)
|
||||||
|
mimeType := mime.TypeByExtension(ext)
|
||||||
|
fileType, _ = util.GetOwnerAndNameFromId(mimeType)
|
||||||
}
|
}
|
||||||
|
|
||||||
fileUrl, objectKey, err := object.UploadFile(provider, fullFilePath, fileBuffer)
|
fileUrl, objectKey, err := object.UploadFile(provider, fullFilePath, fileBuffer)
|
||||||
@@ -172,6 +173,11 @@ func (c *ApiController) UploadResource() {
|
|||||||
|
|
||||||
switch tag {
|
switch tag {
|
||||||
case "avatar":
|
case "avatar":
|
||||||
|
if user == nil {
|
||||||
|
c.ResponseError("user is nil for tag: \"avatar\"")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
user.Avatar = fileUrl
|
user.Avatar = fileUrl
|
||||||
object.UpdateUser(user.GetId(), user)
|
object.UpdateUser(user.GetId(), user)
|
||||||
case "termsOfUse":
|
case "termsOfUse":
|
||||||
|
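Review bot: In the `UploadResource` hunk, `fileType` is now whatever `util.GetOwnerAndNameFromId` returns for the client-supplied `Content-Type`, and the fallback feeds it `mime.TypeByExtension(ext)`, which is an empty string for an unknown extension. The initial `"unknown"` is therefore always overwritten, and how that ID helper treats an empty or slash-less string is not visible here; if it rejects such input, an upload with a missing header and an unrecognised extension fails in this block instead of being labelled `unknown`. I would guard both calls, for example `if strings.Contains(mimeType, "/") { fileType, _ = util.GetOwnerAndNameFromId(mimeType) } else { fileType = "unknown" }`, which means keeping the `strings` import that this commit removes. Because the header is client-controlled, `fileType` should be treated as a label only and not as evidence of what the file contains. The function body starts and ends outside the hunk.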
@@ -127,6 +127,21 @@ func GetApplicationByUser(user *User) *Application {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func GetApplicationByUserId(userId string) (*Application, *User) {
|
||||||
|
var application *Application
|
||||||
|
|
||||||
|
owner, name := util.GetOwnerAndNameFromId(userId)
|
||||||
|
if owner == "app" {
|
||||||
|
application = getApplication("admin", name)
|
||||||
|
return application, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
user := GetUser(userId)
|
||||||
|
application = GetApplicationByUser(user)
|
||||||
|
|
||||||
|
return application, user
|
||||||
|
}
|
||||||
|
|
||||||
func GetApplicationByClientId(clientId string) *Application {
|
func GetApplicationByClientId(clientId string) *Application {
|
||||||
application := Application{}
|
application := Application{}
|
||||||
existed, err := adapter.Engine.Where("client_id=?", clientId).Get(&application)
|
existed, err := adapter.Engine.Where("client_id=?", clientId).Get(&application)
|
||||||
|
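Review bot: `GetApplicationByUserId` can return a nil `*Application`, and the caller changed in this commit, `GetProviderParam`, uses the result straight away in `application.GetStorageProvider()` and `application.Name`. In the `app` branch, `getApplication("admin", name)` may find nothing, since the owner is hard-coded to `admin`; in the user branch, the result of `GetUser(userId)` is passed to `GetApplicationByUser` without a nil check. I would return early when the lookup fails, e.g. `if user == nil { return nil, nil }`, and have the caller respond with an error when `application == nil`. A doc comment would also help: `// GetApplicationByUserId resolves "app/<name>" to the application itself (with a nil user) and any other id to the user's application.`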
@@ -22,7 +22,6 @@ import (
|
|||||||
|
|
||||||
"github.com/astaxie/beego/context"
|
"github.com/astaxie/beego/context"
|
||||||
"github.com/casbin/casdoor/authz"
|
"github.com/casbin/casdoor/authz"
|
||||||
"github.com/casbin/casdoor/object"
|
|
||||||
"github.com/casbin/casdoor/util"
|
"github.com/casbin/casdoor/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -31,21 +30,6 @@ type Object struct {
|
|||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func getUsernameByClientIdSecret(ctx *context.Context) string {
|
|
||||||
clientId := ctx.Input.Query("clientId")
|
|
||||||
clientSecret := ctx.Input.Query("clientSecret")
|
|
||||||
if clientId == "" || clientSecret == "" {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
app := object.GetApplicationByClientId(clientId)
|
|
||||||
if app == nil || app.ClientSecret != clientSecret {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
return "built-in/service"
|
|
||||||
}
|
|
||||||
|
|
||||||
func getUsername(ctx *context.Context) (username string) {
|
func getUsername(ctx *context.Context) (username string) {
|
||||||
defer func() {
|
defer func() {
|
||||||
if r := recover(); r != nil {
|
if r := recover(); r != nil {
|
||||||
|
@@ -60,8 +60,15 @@ func AutoSigninFilter(ctx *context.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// "/page?clientId=123&clientSecret=456"
|
||||||
|
userId := getUsernameByClientIdSecret(ctx)
|
||||||
|
if userId != "" {
|
||||||
|
setSessionUser(ctx, userId)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// "/page?username=abc&password=123"
|
// "/page?username=abc&password=123"
|
||||||
userId := ctx.Input.Query("username")
|
userId = ctx.Input.Query("username")
|
||||||
password := ctx.Input.Query("password")
|
password := ctx.Input.Query("password")
|
||||||
if userId != "" && password != "" {
|
if userId != "" && password != "" {
|
||||||
owner, name := util.GetOwnerAndNameFromId(userId)
|
owner, name := util.GetOwnerAndNameFromId(userId)
|
||||||
|
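Review bot: The new branch at the top of this hunk accepts `clientSecret` as a URL parameter, as the added comment `// "/page?clientId=123&clientSecret=456"` documents, so an application's long-lived secret can end up in access logs, proxy logs and Referer headers. It then calls `setSessionUser(ctx, userId)`, which presumably binds a session to the `app/<name>` identity, so a server-to-server caller is left with a session that outlives the single request it authenticated. I would state in the comment that callers should send the pair in the request body or an authorization header, not in the URL, and consider authorizing the one request without creating a session. `AutoSigninFilter` starts and ends outside the hunk.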
@@ -14,7 +14,12 @@
|
|||||||
|
|
||||||
package routers
|
package routers
|
||||||
|
|
||||||
import "github.com/astaxie/beego/context"
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/astaxie/beego/context"
|
||||||
|
"github.com/casbin/casdoor/object"
|
||||||
|
)
|
||||||
|
|
||||||
type Response struct {
|
type Response struct {
|
||||||
Status string `json:"status"`
|
Status string `json:"status"`
|
||||||
@@ -42,3 +47,18 @@ func responseError(ctx *context.Context, error string, data ...interface{}) {
|
|||||||
func denyRequest(ctx *context.Context) {
|
func denyRequest(ctx *context.Context) {
|
||||||
responseError(ctx, "Unauthorized operation")
|
responseError(ctx, "Unauthorized operation")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getUsernameByClientIdSecret(ctx *context.Context) string {
|
||||||
|
clientId := ctx.Input.Query("clientId")
|
||||||
|
clientSecret := ctx.Input.Query("clientSecret")
|
||||||
|
if clientId == "" || clientSecret == "" {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
application := object.GetApplicationByClientId(clientId)
|
||||||
|
if application == nil || application.ClientSecret != clientSecret {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("app/%s", application.Name)
|
||||||
|
}
|
||||||
|
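Review bot: `application.ClientSecret != clientSecret` in the added `getUsernameByClientIdSecret` compares a stored secret with request input using an ordinary string comparison. `subtle.ConstantTimeCompare([]byte(application.ClientSecret), []byte(clientSecret)) != 1` from `crypto/subtle` avoids leaking through timing how much of the value matched. The function also lacks a doc comment; `// getUsernameByClientIdSecret returns "app/<name>" when the request carries a valid clientId/clientSecret pair, and "" otherwise.` would make the new `app/` identity format explicit for the filter and policy that depend on it. Failed attempts are not recorded here, so repeated guesses against a clientId go unnoticed unless another layer logs them.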