mirror of
https://github.com/casdoor/casdoor.git
synced 2025-05-23 02:35:49 +08:00
5661942175
* feat: add CLI version cache mechanism * feat: add /api/refresh-engines to allowed endpoints in demo mode * feat: add proxy support for cli downloader * feat: add SafeGoroutine for CLIDownloader initialization * refactor: optimize code structure
248 lines
6.8 KiB
Go
248 lines
6.8 KiB
Go
// Copyright 2024 The Casdoor Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package controllers
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
"sort"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
type CLIVersionInfo struct {
|
|
Version string
|
|
BinaryPath string
|
|
BinaryTime time.Time
|
|
}
|
|
|
|
var (
|
|
cliVersionCache = make(map[string]*CLIVersionInfo)
|
|
cliVersionMutex sync.RWMutex
|
|
)
|
|
|
|
// getCLIVersion
|
|
// @Title getCLIVersion
|
|
// @Description Get CLI version with cache mechanism
|
|
// @Param language string The language of CLI (go/java/rust etc.)
|
|
// @Return string The version string of CLI
|
|
// @Return error Error if CLI execution fails
|
|
func getCLIVersion(language string) (string, error) {
|
|
binaryName := fmt.Sprintf("casbin-%s-cli", language)
|
|
|
|
binaryPath, err := exec.LookPath(binaryName)
|
|
if err != nil {
|
|
return "", fmt.Errorf("executable file not found: %v", err)
|
|
}
|
|
|
|
fileInfo, err := os.Stat(binaryPath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to get binary info: %v", err)
|
|
}
|
|
|
|
cliVersionMutex.RLock()
|
|
if info, exists := cliVersionCache[language]; exists {
|
|
if info.BinaryPath == binaryPath && info.BinaryTime == fileInfo.ModTime() {
|
|
cliVersionMutex.RUnlock()
|
|
return info.Version, nil
|
|
}
|
|
}
|
|
cliVersionMutex.RUnlock()
|
|
|
|
cmd := exec.Command(binaryName, "--version")
|
|
output, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to get CLI version: %v", err)
|
|
}
|
|
|
|
version := strings.TrimSpace(string(output))
|
|
|
|
cliVersionMutex.Lock()
|
|
cliVersionCache[language] = &CLIVersionInfo{
|
|
Version: version,
|
|
BinaryPath: binaryPath,
|
|
BinaryTime: fileInfo.ModTime(),
|
|
}
|
|
cliVersionMutex.Unlock()
|
|
|
|
return version, nil
|
|
}
|
|
|
|
func processArgsToTempFiles(args []string) ([]string, []string, error) {
|
|
tempFiles := []string{}
|
|
newArgs := []string{}
|
|
for i := 0; i < len(args); i++ {
|
|
if (args[i] == "-m" || args[i] == "-p") && i+1 < len(args) {
|
|
pattern := fmt.Sprintf("casbin_temp_%s_*.conf", args[i])
|
|
tempFile, err := os.CreateTemp("", pattern)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("failed to create temp file: %v", err)
|
|
}
|
|
|
|
_, err = tempFile.WriteString(args[i+1])
|
|
if err != nil {
|
|
tempFile.Close()
|
|
return nil, nil, fmt.Errorf("failed to write to temp file: %v", err)
|
|
}
|
|
|
|
tempFile.Close()
|
|
tempFiles = append(tempFiles, tempFile.Name())
|
|
newArgs = append(newArgs, args[i], tempFile.Name())
|
|
i++
|
|
} else {
|
|
newArgs = append(newArgs, args[i])
|
|
}
|
|
}
|
|
return tempFiles, newArgs, nil
|
|
}
|
|
|
|
// RunCasbinCommand
|
|
// @Title RunCasbinCommand
|
|
// @Tag Enforcer API
|
|
// @Description Call Casbin CLI commands
|
|
// @Success 200 {object} controllers.Response The Response object
|
|
// @router /run-casbin-command [get]
|
|
func (c *ApiController) RunCasbinCommand() {
|
|
if err := validateIdentifier(c); err != nil {
|
|
c.ResponseError(err.Error())
|
|
return
|
|
}
|
|
|
|
language := c.Input().Get("language")
|
|
argString := c.Input().Get("args")
|
|
|
|
if language == "" {
|
|
language = "go"
|
|
}
|
|
// use "casbin-go-cli" by default, can be also "casbin-java-cli", "casbin-node-cli", etc.
|
|
// the pre-built binary of "casbin-go-cli" can be found at: https://github.com/casbin/casbin-go-cli/releases
|
|
binaryName := fmt.Sprintf("casbin-%s-cli", language)
|
|
|
|
_, err := exec.LookPath(binaryName)
|
|
if err != nil {
|
|
c.ResponseError(fmt.Sprintf("executable file: %s not found in PATH", binaryName))
|
|
return
|
|
}
|
|
|
|
// RBAC model & policy example:
|
|
// https://door.casdoor.com/api/run-casbin-command?language=go&args=["enforce", "-m", "[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = g(r.sub, p.sub) %26%26 r.obj == p.obj %26%26 r.act == p.act", "-p", "p, alice, data1, read\np, bob, data2, write\np, data2_admin, data2, read\np, data2_admin, data2, write\ng, alice, data2_admin", "alice", "data1", "read"]
|
|
// Casbin CLI usage:
|
|
// https://github.com/jcasbin/casbin-java-cli?tab=readme-ov-file#get-started
|
|
var args []string
|
|
err = json.Unmarshal([]byte(argString), &args)
|
|
if err != nil {
|
|
c.ResponseError(err.Error())
|
|
return
|
|
}
|
|
|
|
if len(args) > 0 && args[0] == "--version" {
|
|
version, err := getCLIVersion(language)
|
|
if err != nil {
|
|
c.ResponseError(err.Error())
|
|
return
|
|
}
|
|
c.ResponseOk(version)
|
|
return
|
|
}
|
|
|
|
tempFiles, processedArgs, err := processArgsToTempFiles(args)
|
|
defer func() {
|
|
for _, file := range tempFiles {
|
|
os.Remove(file)
|
|
}
|
|
}()
|
|
if err != nil {
|
|
c.ResponseError(err.Error())
|
|
return
|
|
}
|
|
|
|
command := exec.Command(binaryName, processedArgs...)
|
|
outputBytes, err := command.CombinedOutput()
|
|
if err != nil {
|
|
errorString := err.Error()
|
|
if outputBytes != nil {
|
|
output := string(outputBytes)
|
|
errorString = fmt.Sprintf("%s, error: %s", output, err.Error())
|
|
}
|
|
|
|
c.ResponseError(errorString)
|
|
return
|
|
}
|
|
|
|
output := string(outputBytes)
|
|
output = strings.TrimSuffix(output, "\n")
|
|
c.ResponseOk(output)
|
|
}
|
|
|
|
// validateIdentifier
|
|
// @Title validateIdentifier
|
|
// @Description Validate the request hash and timestamp
|
|
// @Param hash string The SHA-256 hash string
|
|
// @Return error Returns error if validation fails, nil if successful
|
|
func validateIdentifier(c *ApiController) error {
|
|
language := c.Input().Get("language")
|
|
args := c.Input().Get("args")
|
|
hash := c.Input().Get("m")
|
|
timestamp := c.Input().Get("t")
|
|
|
|
if hash == "" || timestamp == "" || language == "" || args == "" {
|
|
return fmt.Errorf("invalid identifier")
|
|
}
|
|
|
|
requestTime, err := time.Parse(time.RFC3339, timestamp)
|
|
if err != nil {
|
|
return fmt.Errorf("invalid identifier")
|
|
}
|
|
timeDiff := time.Since(requestTime)
|
|
if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
|
|
return fmt.Errorf("invalid identifier")
|
|
}
|
|
|
|
params := map[string]string{
|
|
"language": language,
|
|
"args": args,
|
|
}
|
|
|
|
keys := make([]string, 0, len(params))
|
|
for k := range params {
|
|
keys = append(keys, k)
|
|
}
|
|
sort.Strings(keys)
|
|
|
|
var paramParts []string
|
|
for _, k := range keys {
|
|
paramParts = append(paramParts, fmt.Sprintf("%s=%s", k, params[k]))
|
|
}
|
|
paramString := strings.Join(paramParts, "&")
|
|
|
|
version := "casbin-editor-v1"
|
|
rawString := fmt.Sprintf("%s|%s|%s", version, timestamp, paramString)
|
|
|
|
hasher := sha256.New()
|
|
hasher.Write([]byte(rawString))
|
|
|
|
calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
|
|
if calculatedHash != strings.ToLower(hash) {
|
|
return fmt.Errorf("invalid identifier")
|
|
}
|
|
|
|
return nil
|
|
}
|