feat: add enableErrorMask config

feat: handle error in ApiFilter
feat: add ManagedAccounts to JWT
2025-08-03 03:10:30 +08:00 · 2024-08-23 22:19:17 +08:00 · 2024-08-23 21:50:48 +08:00 · 2024-08-20 22:23:58 +08:00 · 2024-08-20 17:56:53 +08:00 · 2024-08-20 17:29:37 +08:00
5 changed files with 36 additions and 13 deletions
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -21,6 +21,7 @@ originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
+enableErrorMask = false
 enableGzip = true
 ldapServerPort = 389
 radiusServerPort = 1812
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -45,6 +45,13 @@ func (c *ApiController) ResponseOk(data ...interface{}) {

 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
+	enableErrorMask := conf.GetConfigBool("enableErrorMask")
+	if enableErrorMask {
+		if strings.HasPrefix(error, "The user: ") && strings.HasSuffix(error, " doesn't exist") || strings.HasPrefix(error, "用户: ") && strings.HasSuffix(error, "不存在") {
+			error = c.T("check:password or code is incorrect")
+		}
+	}
+
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -128,7 +128,7 @@ type UserWithoutThirdIdp struct {
 	LastSigninWrongTime string `xorm:"varchar(100)" json:"lastSigninWrongTime"`
 	SigninWrongTimes    int    `json:"signinWrongTimes"`

-	// ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
+	ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 }

 type ClaimsShort struct {
@@ -254,6 +254,8 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {

 		LastSigninWrongTime: user.LastSigninWrongTime,
 		SigninWrongTimes:    user.SigninWrongTimes,
+
+		ManagedAccounts: user.ManagedAccounts,
 	}

 	return res
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -56,7 +56,7 @@ func getSubject(ctx *context.Context) (string, string) {
 	return util.GetOwnerAndNameFromId(username)
 }

-func getObject(ctx *context.Context) (string, string) {
+func getObject(ctx *context.Context) (string, string, error) {
 	method := ctx.Request.Method
 	path := ctx.Request.URL.Path

@@ -65,13 +65,13 @@ func getObject(ctx *context.Context) (string, string) {
 			if ctx.Input.Query("id") == "/" {
 				adapterId := ctx.Input.Query("adapterId")
 				if adapterId != "" {
-					return util.GetOwnerAndNameFromIdNoCheck(adapterId)
+					return util.GetOwnerAndNameFromIdWithError(adapterId)
 				}
 			} else {
 				// query == "?id=built-in/admin"
 				id := ctx.Input.Query("id")
 				if id != "" {
-					return util.GetOwnerAndNameFromIdNoCheck(id)
+					return util.GetOwnerAndNameFromIdWithError(id)
 				}
 			}
 		}
@@ -80,34 +80,33 @@ func getObject(ctx *context.Context) (string, string) {
 			// query == "?id=built-in/admin"
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdNoCheck(id)
+				return util.GetOwnerAndNameFromIdWithError(id)
 			}
 		}

 		owner := ctx.Input.Query("owner")
 		if owner != "" {
-			return owner, ""
+			return owner, "", nil
 		}

-		return "", ""
+		return "", "", nil
 	} else {
 		if path == "/api/add-policy" || path == "/api/remove-policy" || path == "/api/update-policy" {
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdNoCheck(id)
+				return util.GetOwnerAndNameFromIdWithError(id)
 			}
 		}

 		body := ctx.Input.RequestBody
 		if len(body) == 0 {
-			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name")
+			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name"), nil
 		}

 		var obj Object
 		err := json.Unmarshal(body, &obj)
 		if err != nil {
-			// panic(err)
-			return "", ""
+			return "", "", err
 		}

 		if path == "/api/delete-resource" {
@@ -117,7 +116,7 @@ func getObject(ctx *context.Context) (string, string) {
 			}
 		}

-		return obj.Owner, obj.Name
+		return obj.Owner, obj.Name, nil
 	}
 }

@@ -183,7 +182,12 @@ func ApiFilter(ctx *context.Context) {

 	objOwner, objName := "", ""
 	if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" {
-		objOwner, objName = getObject(ctx)
+		var err error
+		objOwner, objName, err = getObject(ctx)
+		if err != nil {
+			responseError(ctx, err.Error())
+			return
+		}
 	}

 	if strings.HasPrefix(urlPath, "/api/notify-payment") {
--- a/util/string.go
+++ b/util/string.go
@@ -131,6 +131,15 @@ func GetOwnerAndNameFromId(id string) (string, string) {
 	return tokens[0], tokens[1]
 }

+func GetOwnerAndNameFromIdWithError(id string) (string, string, error) {
+	tokens := strings.Split(id, "/")
+	if len(tokens) != 2 {
+		return "", "", errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id)
+	}
+
+	return tokens[0], tokens[1], nil
+}
+
 func GetOwnerFromId(id string) string {
 	tokens := strings.Split(id, "/")
 	if len(tokens) != 2 {
Author	SHA1	Message	Date
Yang Luo	0b8be016c5	feat: add enableErrorMask config	2024-08-23 22:19:17 +08:00
Yang Luo	986dcbbda1	feat: handle error in ApiFilter	2024-08-23 21:50:48 +08:00
Yang Luo	7d3920fb1f	feat: add ManagedAccounts to JWT	2024-08-20 22:23:58 +08:00
Yang Luo	b794ef87ee	feat: Revert "feat: support reCAPTCHA v3 captcha provider" (#3135 ) This reverts commit `a0d6f2125e`.	2024-08-20 17:56:53 +08:00
ZhaoYP 2001	a0d6f2125e	feat: support reCAPTCHA v3 captcha provider (#3130 )	2024-08-20 17:29:37 +08:00