maingate는 admin 계정으로 통일 또는 ApiToken

2023-06-19 21:19:45 +09:00
parent 4bb25a1eff
commit 09328575ad
3 changed files with 91 additions and 113 deletions
--- a/core/service.go
+++ b/core/service.go
@ -138,7 +138,7 @@ type serviceDescription struct {
 	ServiceDescriptionSummary `bson:",inline" json:",inline"`
 	Divisions                 map[string]*Division `bson:"divisions" json:"divisions"`
 	ServerApiTokens           []primitive.ObjectID `bson:"api_tokens" json:"api_tokens"`
-	ApiUsers                  map[string][]string  `bson:"api_users" json:"api_users"`
+	Admins                    []string             `bson:"admins" json:"admins"`

 	auths                 *common.AuthCollection
 	wl                    whitelist
@ -150,13 +150,26 @@ type serviceDescription struct {
 	updateUserinfo        func(info usertokeninfo) (bool, string, string)
 	getProviderInfo       func(platform string, uid string) (string, string, error)

-	apiUsers                    unsafe.Pointer
+	admins                      unsafe.Pointer
 	divisionsForUsersSerialized unsafe.Pointer
 	divisionsSerialized         unsafe.Pointer
 	serviceSerialized           unsafe.Pointer
 	serviceSummarySerialized    unsafe.Pointer
 }

+func (sh *serviceDescription) isValidToken(apiToken primitive.ObjectID) bool {
+	if apiToken.IsZero() {
+		return false
+	}
+
+	for _, test := range sh.ServerApiTokens {
+		if test == apiToken {
+			return true
+		}
+	}
+	return false
+}
+
 func (sh *serviceDescription) readProfile(authtype string, id string, binfo string) (email string, err error) {
 	defer func() {
 		s := recover()
@ -254,25 +267,7 @@ func (sh *serviceDescription) prepare(mg *Maingate) error {
 	}

 	sh.wl.init(whites)
-
-	if len(sh.ApiUsers) == 0 {
-		sh.ApiUsers = map[string][]string{
-			"service":     {},
-			"whitelist":   {},
-			"account":     {},
-			"maintenance": {},
-		}
-	}
-	parsedUsers := make(map[string]map[string]bool)
-	for cat, users := range sh.ApiUsers {
-		catusers := make(map[string]bool)
-		for _, user := range users {
-			catusers[user] = true
-		}
-		parsedUsers[cat] = catusers
-	}
-
-	sh.apiUsers = unsafe.Pointer(&parsedUsers)
+	sh.admins = unsafe.Pointer(&sh.Admins)
 	for _, keyid := range sh.ServerApiTokens {
 		mg.apiTokenToService.add(keyid.Hex(), sh.ServiceCode)
 	}
@ -283,7 +278,7 @@ func (sh *serviceDescription) prepare(mg *Maingate) error {
 	btsum, _ := json.Marshal(sh.ServiceDescriptionSummary)
 	atomic.StorePointer(&sh.serviceSummarySerialized, unsafe.Pointer(&btsum))

-	logger.Println("service is ready :", sh.ServiceName, sh.ServiceCode, sh.ApiUsers, string(divmarshaled))
+	logger.Println("service is ready :", sh.ServiceName, sh.ServiceCode, sh.Admins, string(divmarshaled))

 	return nil
 }
@ -410,30 +405,15 @@ func (sh *serviceDescription) link(w http.ResponseWriter, r *http.Request) {
 	logger.Println("link success :", r.URL.Query())
 }

-func (sh *serviceDescription) isValidAPIUser(category string, email string) bool {
-	ptr := atomic.LoadPointer(&sh.apiUsers)
-	catusers := *(*map[string]map[string]bool)(ptr)
+func (sh *serviceDescription) isAdmin(email string) bool {
+	ptr := atomic.LoadPointer(&sh.admins)
+	admins := *(*[]string)(ptr)

-	if category == "*" {
-		for _, users := range catusers {
-			if _, ok := users[email]; ok {
-				return true
-			}
-		}
-		logger.Println("isValidAPIUser failed. email is not allowed :", category, email, catusers)
-		return false
-	}
-
-	if users, ok := catusers[category]; ok {
-		if _, ok := users[email]; ok {
+	for _, a := range admins {
+		if a == email {
 			return true
 		}
-
-		logger.Println("isValidAPIUser failed. email is not allowed :", category, email, users)
-		return false
 	}
-
-	logger.Println("isValidAPIUser failed. category is missing :", category)
 	return false
 }