新增密匙生成与取消

2020-07-17 15:52:26 +08:00 · 2020-07-17 15:52:26 +08:00 · c23641eae0
commit c23641eae0
parent 835eb66d30
6 changed files with 140 additions and 2 deletions
--- a/core/User/User.js
+++ b/core/User/User.js
@ -7,6 +7,7 @@ const {
    randomString
 } = require('./CryptoMine');
 const fs = require('fs');
+const uuid = require('uuid');

 const USER_SAVE_PATH = 'users/';
 class User {
@ -21,6 +22,9 @@ class User {
        this.dataModel.createDate = now;
        this.dataModel.lastDate = now;
        this.dataModel.allowedServer = [];
+
+        // API KEYthis.dataModel.apikey
+        this.dataModel.apikey = '';
    }

    load() {
@ -61,6 +65,7 @@ class User {
        this.dataModel.allowedServer = list;
        return this;
    }
+
    hasServer(serverName) {
        for (let key in this.dataModel.allowedServer) {
            if (this.dataModel.allowedServer[key] == serverName) {
@ -70,6 +75,13 @@ class User {
        return false;
    }

+    setApiKey(v) {
+        this.dataModel.apikey = v;
+    }
+
+    updateApiKey() {
+        this.dataModel.apikey = uuid.v4().replace(/-/igm, "");
+    }
 }


--- a/public/common/js/websocket.js
+++ b/public/common/js/websocket.js
@ -1,7 +1,7 @@
 //Websocket 层
 (function () {

-	var DEBUG = false; //Websocket DEBUG
+	var DEBUG = true; //Websocket DEBUG

 	//from @BBleae
 	//10 秒自动发送一次心跳包，此时间不可改变
--- a/public/template/dialog/apikey.html
+++ b/public/template/dialog/apikey.html
@ -0,0 +1,57 @@
+<div id="ApiKeyContainer">
+    <p>
+        <b>设置至关重要的接口密匙（API KEY）。</b>
+    </p>
+    <p><small>若此用户管理员用户，那么密匙将可以"创建/删除用户","创建/删除服务器","管理所有服务器"</small></p>
+    <p><small>若此用户为普通用户，则仅仅能管理其名下的所有服务器。</small></p>
+
+    <div class="input-group">
+        <span class="input-group-addon">API KEY</span>
+        <input type="text" class="form-control" v-model="API_KEY" placeholder="关闭" disabled="disabled">
+    </div>
+
+    <p style="color: rgb(230, 55, 55);">切勿泄露，安全至上，至关重要，不可泄露</p>
+
+    <p>留空则代表关闭此用户 API 功能</p>
+    <button class="btn btn-success" v-on:click="updateKey()">
+        更新 KEY
+    </button>
+    <button class="btn btn-success" v-on:click="deleteKey()">
+        删除/关闭 KEY
+    </button>
+    &nbsp;|&nbsp;
+    <button class="btn btn-danger" v-on:click="TOOLS.popWindClose();">
+        返回
+    </button>
+</div>
+<script>
+    new Vue({
+        el: "#ApiKeyContainer",
+        data: {
+            API_KEY: ''
+        },
+        methods: {
+            updateKey: function () {
+                var that = this;
+                WS.sendMsg('apikey/update', PAGE.username, function (obj) {
+                    var API_KEY = obj.ResponseValue;
+                    that.API_KEY = API_KEY;
+                });
+            },
+            deleteKey: function () {
+                var that = this;
+                WS.sendMsg('apikey/delete', PAGE.username, function (obj) {
+                    var API_KEY = obj.ResponseValue;
+                    that.API_KEY = API_KEY;
+                });
+            }
+        },
+        mounted: function () {
+            var that = this;
+            WS.sendMsg('apikey/get', PAGE.username, function (obj) {
+                var API_KEY = obj.ResponseValue;
+                that.API_KEY = API_KEY;
+            });
+        }
+    });
+</script>
--- a/public/template/userset.html
+++ b/public/template/userset.html
@ -40,9 +40,13 @@
 							<div class="col-md-5 NextCol">
 								<div class="PanelItemMuem">
 									<!-- <button class="btn btn-primary" v-on:click="">权限配置</button> -->
+
 									<button class="btn btn-success" v-on:click="toUserView(item.username)">详细信息</button>
 									<span style="margin-left: 8px;"> | </span>
-									<button class="btn btn-danger" v-on:click="toDeleteUser(item.username)">删除</button>
+									<button class="btn btn-primary" v-on:click="toAPIKey(item.username)">API
+										Key</button>
+									<button class="btn btn-danger"
+										v-on:click="toDeleteUser(item.username)">删除用户</button>
 								</div>
 							</div>
 						</div>
@ -169,6 +173,18 @@

 				toUserView: function (_username) {
 					RES.redirectPage('./template/component/user.html', 'userset/view', _username);
+				},
+				toAPIKey: function (username) {
+					// 弹出用户密匙设置窗口
+					PAGE.username = username;
+					TOOLS.popWind({
+						style: {
+							maxWidth: "500px",
+							top: "20%"
+						},
+						title: "用户 " + PAGE.username + " 的密匙设置",
+						template: "template/dialog/apikey.html"
+					});
 				}
 			}
 		});
--- a/route/websocket/apikey.js
+++ b/route/websocket/apikey.js
@ -0,0 +1,50 @@
+const {
+    WebSocketObserver
+} = require('../../model/WebSocketModel');
+const {
+    userCenter
+} = require('../../model/UserModel');
+const serverModel = require('../../model/ServerModel');
+const permssion = require('../../helper/Permission');
+const response = require('../../helper/Response');
+
+
+// 获取指定用户的 API KEY
+WebSocketObserver().listener('apikey/get', (data) => {
+    const username = permssion.isMaster(data.WsSession) ? data.body : data.WsSession.username;
+
+    const user = userCenter().get(username);
+    if (!user) return;
+    response.wsSend(data.ws, 'apikey/get', user.dataModel.apikey);
+});
+
+
+// 更新用户的 API KEY 
+// 其中，API KEY 不可自定义，有且只能根据后端算法生成
+WebSocketObserver().listener('apikey/update', (data) => {
+    const username = permssion.isMaster(data.WsSession) ? data.body : data.WsSession.username;
+
+    const user = userCenter().get(username);
+    if (!user) return;
+
+    // 更新用户KEY
+    user.updateApiKey();
+    user.save();
+
+    response.wsSend(data.ws, 'apikey/update', user.dataModel.apikey);
+});
+
+
+// 删除 API KEY
+WebSocketObserver().listener('apikey/delete', (data) => {
+    const username = permssion.isMaster(data.WsSession) ? data.body : data.WsSession.username;
+
+    const user = userCenter().get(username);
+    if (!user) return;
+
+    // 将 KEY 设置为空即可
+    user.setApiKey('');
+    user.save();
+
+    response.wsSend(data.ws, 'apikey/delete', user.dataModel.apikey);
+});
--- a/test.js
+++ b/test.js
@ -0,0 +1,3 @@
+var UUID = require('uuid');
+
+console.log(UUID.v4().replace(/-/igm, ""));