From 57e7d756cb4858de44867a74ae1663fe35f00ee0 Mon Sep 17 00:00:00 2001 From: whyour Date: Tue, 14 Jun 2022 22:43:18 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E7=B3=BB=E7=BB=9F=E5=86=85?= =?UTF-8?q?=E9=83=A8=E8=8E=B7=E5=8F=96token=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- back/api/log.ts | 6 ++++- back/api/open.ts | 2 +- back/config/index.ts | 1 + back/loaders/express.ts | 7 ------ back/services/open.ts | 35 +++++++++++++++++++++++++- shell/api.sh | 32 ++++++----------------- shell/share.sh | 1 - shell/token.ts | 56 +++++++++++++++++++++++++++++++++++++++++ shell/update.sh | 2 -- 9 files changed, 104 insertions(+), 38 deletions(-) create mode 100755 shell/token.ts diff --git a/back/api/log.ts b/back/api/log.ts index ccd80b9e..33d7e2ec 100644 --- a/back/api/log.ts +++ b/back/api/log.ts @@ -6,6 +6,7 @@ import config from '../config'; import { getFileContentByName, readDirs } from '../config/util'; import { join } from 'path'; const route = Router(); +const blacklist = ['.tmp']; export default (app: Router) => { app.use('/logs', route); @@ -13,7 +14,7 @@ export default (app: Router) => { route.get('/', async (req: Request, res: Response, next: NextFunction) => { const logger: Logger = Container.get('logger'); try { - const result = readDirs(config.logPath, config.logPath); + const result = readDirs(config.logPath, config.logPath, blacklist); res.send({ code: 200, data: result, @@ -29,6 +30,9 @@ export default (app: Router) => { async (req: Request, res: Response, next: NextFunction) => { const logger: Logger = Container.get('logger'); try { + if (blacklist.includes(req.path)) { + return res.send({ code: 403, message: '暂无权限' }); + } const filePath = join( config.logPath, (req.query.path || '') as string, diff --git a/back/api/open.ts b/back/api/open.ts index 2cacf018..c704d961 100644 --- a/back/api/open.ts +++ b/back/api/open.ts 
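Review bot: The new guard in the log-file handler (third hunk of back/api/log.ts) tests `blacklist.includes(req.path)`, but the file path is built from `req.query.path`, and Express's `req.path` always starts with `/`, so `'.tmp'` can never match and the 403 branch is unreachable. Test the value that actually reaches `join`, for example `const rel = String(req.query.path ?? '');` followed by `if (rel.split('/').some((seg) => blacklist.includes(seg))) return res.send({ code: 403, message: '暂无权限' });`. Since `join` normalises `..` segments, it is also worth confirming that the resulting `filePath` still lies under `config.logPath` before it is read. The handler continues past the end of the hunk, so the remaining arguments to `join` are not visible here.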
@@ -25,7 +25,7 @@ export default (app: Router) => { '/apps', celebrate({ body: Joi.object({ - name: Joi.string().optional().allow(''), + name: Joi.string().optional().allow('').disallow('system'), scopes: Joi.array().items(Joi.string().required()), }), }), diff --git a/back/config/index.ts b/back/config/index.ts index 5d62d027..1274634a 100644 --- a/back/config/index.ts +++ b/back/config/index.ts @@ -69,6 +69,7 @@ export default { 'cookie.sh', 'crontab.list', 'env.sh', + 'token.json', ], writePathList: [configPath, scriptPath], bakPath, diff --git a/back/loaders/express.ts b/back/loaders/express.ts index d686e0e5..3402799d 100644 --- a/back/loaders/express.ts +++ b/back/loaders/express.ts @@ -80,13 +80,6 @@ export default ({ app }: { app: Application }) => { ) { return next(); } - const remoteAddress = req.socket.remoteAddress; - if ( - remoteAddress === '::ffff:127.0.0.1' && - originPath === '/api/crons/status' - ) { - return next(); - } const data = fs.readFileSync(config.authConfigFile, 'utf8'); if (data) { diff --git a/back/services/open.ts b/back/services/open.ts index 5a81cc00..34483837 100644 --- a/back/services/open.ts +++ b/back/services/open.ts @@ -90,7 +90,9 @@ export default class OpenService { } try { const result = await this.find(condition); - return result.map((x) => ({ ...x, tokens: [] })); + return result + .filter((x) => x.name !== 'system') + .map((x) => ({ ...x, tokens: [] })); } catch (error) { throw error; } 
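Review bot: `disallow('system')` on `name` in the `/apps` body schema protects the reserved name only in this one route validator, and only for an exact, case-sensitive match. Any other path that can set an app name (an update route, or another caller of `OpenService.create`) is not covered by what this hunk shows and should be checked. Rejecting the reserved name inside the service's create/update methods would keep the rule next to `findSystemToken`, which depends on it. A comment such as `// 'system' is reserved for the internal app created by OpenService.findSystemToken` would explain the constraint; the `celebrate` call starts and ends outside the hunk.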
@@ -142,4 +144,35 @@ export default class OpenService { return { code: 400, message: 'client_id或client_seret有误' }; } } + + public async findSystemToken(): Promise<{ + value: string; + expiration: number; + }> { + let systemApp = (await AppModel.findOne({ + where: { name: 'system' }, + })) as App; + if (!systemApp) { + systemApp = await this.create({ + name: 'system', + scopes: ['crons'], + } as App); + } + const nowTime = Math.round(Date.now() / 1000); + let token; + if ( + !systemApp.tokens || + !systemApp.tokens.length || + nowTime > [...systemApp.tokens].pop()!.expiration + ) { + const authToken = await this.authToken({ + client_id: systemApp.client_id, + client_secret: systemApp.client_secret, + }); + token = authToken.data; + } else { + token = [...systemApp.tokens].pop(); + } + return token; + } } diff --git a/shell/api.sh b/shell/api.sh index 546e0540..ffb59ad7 100755 --- a/shell/api.sh +++ b/shell/api.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash get_token() { - token=$(cat $file_auth_user | jq -r .token) + token=$(ts-node-transpile-only "$dir_shell/token.ts") } add_cron_api() { @@ -17,7 +17,7 @@ add_cron_api() { fi local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ -H "Accept: application/json" \ -H "Authorization: Bearer $token" \ -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" \ @@ -52,7 +52,7 @@ update_cron_api() { fi local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer $token" \ 
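Review bot: `findSystemToken` returns `authToken.data` without checking that the call succeeded; the context line just above shows `authToken` can return `{ code: 400, message }` with no `data`, so `token` is then `undefined` even though the signature promises `{ value, expiration }`. Add a guard such as `if (!authToken.data) throw new Error('system token could not be issued');` and declare the local as `let token: { value: string; expiration: number } | undefined;` rather than leaving it implicitly `any`. The success payload of `authToken` is not visible here, so confirm it really carries a `value` field. The app is created with `scopes: ['crons']`, while shell/api.sh in this patch also sends the same token to `/open/system/notify`; confirm that route accepts a crons-only token instead of widening the scope by default.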
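Review bot: `get_token` assigns whatever `token.ts` writes to stdout without checking it, and the `catch` branch of shell/token.ts in this patch prints the error with `console.log` and still exits 0, so a failure ends up as the `Authorization: Bearer` value in every curl call below. Once token.ts reports failure through its exit status, check it here: `token=$(ts-node-transpile-only "$dir_shell/token.ts") || token=""` followed by `[[ -n $token ]] || { echo "failed to obtain system token" >&2; return 1; }`. A one-line comment that the token now belongs to the internal `system` app rather than the logged-in user's session would help readers of the callers.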
@@ -84,7 +84,7 @@ update_cron_command_api() { fi local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer $token" \ @@ -109,7 +109,7 @@ del_cron_api() { local ids=$1 local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/crons?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons?t=$currentTimeStamp" \ -X 'DELETE' \ -H "Accept: application/json" \ -H "Authorization: Bearer $token" \ @@ -130,24 +130,6 @@ del_cron_api() { fi } -get_user_info() { - local currentTimeStamp=$(date +%s) - local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/user?t=$currentTimeStamp" \ - -H 'Accept: */*' \ - -H "Authorization: Bearer $token" \ - -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36' \ - -H 'Referer: http://0.0.0.0:5700/crontab' \ - -H 'Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7' \ - --compressed - ) - code=$(echo $api | jq -r .code) - if [[ $code != 200 ]]; then - echo -e "请先登录!" - exit 0 - fi -} - update_cron() { local ids="$1" local status="$2" @@ -157,7 +139,7 @@ update_cron() { local runningTime="${6:-0}" local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/crons/status?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5600/open/crons/status?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer $token" \ 
@@ -181,7 +163,7 @@ notify_api() { local content=$2 local currentTimeStamp=$(date +%s) local api=$( - curl -s --noproxy "*" "http://0.0.0.0:5600/api/system/notify?t=$currentTimeStamp" \ + curl -s --noproxy "*" "http://0.0.0.0:5600/open/system/notify?t=$currentTimeStamp" \ -X 'PUT' \ -H "Accept: application/json" \ -H "Authorization: Bearer $token" \ diff --git a/shell/share.sh b/shell/share.sh index d8b285af..e386102b 100755 --- a/shell/share.sh +++ b/shell/share.sh @@ -14,7 +14,6 @@ dir_log=$dir_data/log dir_db=$dir_data/db dir_dep=$dir_data/deps dir_list_tmp=$dir_log/.tmp -dir_code=$dir_log/code dir_update_log=$dir_log/update ql_static_repo=$dir_repo/static diff --git a/shell/token.ts b/shell/token.ts new file mode 100755 index 00000000..bc74a6ab --- /dev/null +++ b/shell/token.ts 
@@ -0,0 +1,56 @@ +import 'reflect-metadata'; +import OpenService from '../back/services/open'; +import { Container } from 'typedi'; +import LoggerInstance from '../back/loaders/logger'; +import fs from 'fs'; +import config from '../back/config'; +import path from 'path'; + +const tokenFile = path.join(config.configPath, 'token.json'); + +async function getToken() { + try { + const data = await readFile(); + const nowTime = Math.round(Date.now() / 1000); + if (data.value && data.expiration > nowTime) { + console.log(data.value); + } else { + Container.set('logger', LoggerInstance); + const openService = Container.get(OpenService); + const appToken = await openService.findSystemToken(); + console.log(appToken.value); + await writeFile({ + value: appToken.value, + expiration: appToken.expiration, + }); + } + } catch (error) { + console.log(error); + } +} + +async function readFile() { + return new Promise((resolve, reject) => { + fs.readFile( + path.join(config.configPath, 'token.json'), + { encoding: 'utf8' }, + (err, data) => { + if (err) { + resolve({}); + } else { + resolve(JSON.parse(data)); + } + }, + ); + }); +} + +async function writeFile(data: any) { + return new Promise((resolve, reject) => { + fs.writeFile(tokenFile, JSON.stringify(data), { encoding: 'utf8' }, () => { + resolve(); + }); + }); +} + +getToken(); diff --git a/shell/update.sh b/shell/update.sh index f8fc1882..01ffd0bd 100755 --- a/shell/update.sh +++ b/shell/update.sh @@ -486,7 +486,6 @@ main() { run_extra_shell >>$log_path ;; repo) - get_user_info get_uniq_path "$p2" "$p6" if [[ -n $p2 ]]; then update_repo "$p2" "$p3" "$p4" "$p5" "$p6" "$p7" @@ -496,7 +495,6 @@ main() { fi ;; raw) - get_user_info get_uniq_path "$p2" if [[ -n $p2 ]]; then update_raw "$p2"
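Review bot: The `catch` block in `getToken` writes the error to stdout with `console.log(error)`, which `get_token` in shell/api.sh captures as the token; errors belong on stderr with a non-zero exit code. `writeFile` discards the callback's `err` and creates `token.json` with the default mode, so a live bearer token may be readable by other local users and a failed write goes unnoticed. `readFile` calls `JSON.parse` inside the fs callback, where a corrupt cache file throws outside the promise instead of falling back to a fresh token, and it rebuilds the path instead of using `tokenFile`. The sketch below covers these three points.

```typescript
async function getToken() {
  try {
    // … unchanged: cache lookup, findSystemToken call, writeFile call …
  } catch (error) {
    // stderr keeps the message out of the caller's $(...) capture
    console.error(error);
    process.exitCode = 1;
  }
}

async function readFile(): Promise<{ value: string; expiration: number }> {
  try {
    return JSON.parse(await fs.promises.readFile(tokenFile, 'utf8'));
  } catch {
    // missing or corrupt cache: behave as "no cached token"
    return { value: '', expiration: 0 };
  }
}

async function writeFile(data: { value: string; expiration: number }) {
  // mode only applies when the file is created; an existing file keeps its permissions
  await fs.promises.writeFile(tokenFile, JSON.stringify(data), {
    encoding: 'utf8',
    mode: 0o600,
  });
}
```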