人员信息获取保护

2 years ago · c61874771a
6 changed files with 64 additions and 63 deletions
--- a/api/app/lib/controllers/alarm/data.js
+++ b/api/app/lib/controllers/alarm/data.js
@ -2,12 +2,24 @@

 async function list (ctx) {
   try {
-      const models = ctx.fs.dc.models;
+      const { models } = ctx.fs.dc;
      const { clickHouse } = ctx.app.fs
+      const { utils: { judgeSuper, anxinStrucRange } } = ctx.app.fs
+      const { database: anxinyun } = clickHouse.anxinyun.opts.config

+      const isSuper = judgeSuper(ctx)
+      let anxinStrucIds = null
+      if (!isSuper) {
+         anxinStrucIds = await anxinStrucRange(ctx)
+      }
      const alarmRes = await clickHouse.dataAlarm.query(`
-         SELECT * FROM alarms
-      `)
+         SELECT 
+            AlarmId, SourceName, name
+         FROM 
+            alarms 
+         LEFT JOIN ${anxinyun}.t_structure 
+         ON ${anxinyun}.t_structure.id = alarms.StructureId
+      `).toPromise();

      ctx.status = 200;
      ctx.body = []
--- a/api/app/lib/controllers/organization/index.js
+++ b/api/app/lib/controllers/organization/index.js
@ -218,13 +218,13 @@ async function user (ctx) {

      for (let u of userRes.rows.concat(adminRes)) {
         const corUsers = userPepRes.filter(up => up.id == u.pepUserId)
-         u.dataValues.name = corUsers[0].name
-         u.dataValues.departments = corUsers.map(cu => {
+         u.dataValues.name = corUsers.length ? corUsers[0].name : ''
+         u.dataValues.departments = corUsers.length ? corUsers.map(cu => {
            return {
               name: cu.depName,
               id: cu.depId
            }
-         })
+         }) : []
      }

      ctx.status = 200
--- a/api/app/lib/controllers/project/bind.js
+++ b/api/app/lib/controllers/project/bind.js
@ -166,7 +166,7 @@ async function del (ctx) {

      ctx.status = 204;
   } catch (error) {
-      ctx.fs.logger.error(`path: ${ctx.path}, error: error`);
+      ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
      ctx.status = 400;
      ctx.body = {
         message: typeof error == 'string' ? error : undefined
--- a/api/app/lib/middlewares/authenticator.js
+++ b/api/app/lib/middlewares/authenticator.js
@ -80,13 +80,13 @@ let authorizeToken = async function (ctx, token) {
               where: {
                  pepUserId: userInfo.id
               }
-            })
+            }) || {}
            rslt = {
               'authorized': userInfo.authorized,
               'resources': (userInfo || {}).resources || [],
            };
            ctx.fs.api.userId = pomsUser.id;
-            ctx.fs.api.userInfo = pomsUser;
+            ctx.fs.api.userInfo = pomsUser.dataValues;
            ctx.fs.api.pepUserId = userInfo.id;
            ctx.fs.api.pepUserInfo = userInfo;
            ctx.fs.api.token = token;
--- a/api/app/lib/utils/dataRange.js
+++ b/api/app/lib/utils/dataRange.js
@ -0,0 +1,43 @@
+'use strict';
+const fs = require('fs');
+const moment = require('moment')
+
+module.exports = function (app, opts) {
+
+   function judgeSuper (ctx) {
+      try {
+         const { userInfo = {} } = ctx.fs.api || {};
+         const { role = [] } = userInfo
+         return role.includes('SuperAdmin')
+      } catch (error) {
+         ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
+      }
+   }
+
+   async function anxinStrucRange (ctx) {
+      try {
+         const { models } = ctx.fs.dc;
+         const { userInfo = {} } = ctx.fs.api || {};
+         const { correlationProject = [] } = userInfo
+
+         const bindRes = await models.ProjectCorrelation.findAll({
+            where: {
+               pepProjectId: { $in: correlationProject }
+            }
+         })
+         return bindRes.reduce((arr, b) => {
+            for (let sid of b.anxinProjectId) {
+               arr.add(sid);
+            }
+            return arr;
+         }, new Set())
+      } catch (error) {
+         ctx.fs.logger.error(`path: ${ctx.path}, error: ${error}`);
+      }
+   }
+
+   return {
+      judgeSuper,
+      anxinStrucRange
+   }
+}
--- a/api/app/lib/utils/oauth2.js
+++ b/api/app/lib/utils/oauth2.js
@ -1,54 +0,0 @@
-const fs = require('fs');
-
-module.exports = function (app, opts) {
-    async function oauthParseAuthHeader (auth) {
-        if (!auth) {
-            throw new Error('参数无效: 未包含Authorization头');
-        }
-
-        const authSplit = auth.split('Basic');
-        if (authSplit.length != 2) {
-            throw new Error('参数无效: Authorization头格式无效，请检查是否包含了"Basic "');
-        }
-
-        const authCode = authSplit[1];
-        const apikey = Buffer.from(authCode, 'base64').toString();
-
-        const keySplit = apikey.split(':');
-        if (keySplit.length != 2) {
-            throw new Error('参数无效：请检查Authorization头内容是否经过正确Base64编码');
-        }
-        
-        return keySplit;
-    }
-
-    async function oauthParseBody (body, type) {
-        let checked = true, token = '';
-        if (type == 'apply' && body['grant_type'] != 'client_credentials') {
-            checked = false;
-        } else if (type == 'refresh') {
-            if (body['grant_type'] != 'refresh_token' || body['token'] == null) {
-                checked = false;
-            } else {
-                token = body['token'];
-            }
-        } else if (type == 'invalidate') {
-            if (body['token'] == null) {
-                checked = false;
-            } else {
-                token = body['token'];
-            }
-        }
-
-        if (!checked) {
-            throw new Error('参数无效：请求正文中未包含正确的信息');
-        }
-
-        return token;
-    }
-
-    return {
-        oauthParseAuthHeader,
-        oauthParseBody
-    }
-}