mirror of
https://github.com/DeNNiiInc/dbgate.git
synced 2026-05-03 16:23:58 +00:00
multi user auth
This commit is contained in:
Jan Prochazka
@@ -2,3 +2,13 @@ DEVMODE=1
|
|||||||
# PERMISSIONS=~widgets/app,~widgets/plugins
|
# PERMISSIONS=~widgets/app,~widgets/plugins
|
||||||
# DISABLE_SHELL=1
|
# DISABLE_SHELL=1
|
||||||
# HIDE_APP_EDITOR=1
|
# HIDE_APP_EDITOR=1
|
||||||
|
|
||||||
|
|
||||||
|
DEVWEB=1
|
||||||
|
LOGINS=admin,test
|
||||||
|
|
||||||
|
LOGIN_PASSWORD_admin=admin
|
||||||
|
LOGIN_PERMISSIONS_admin=*
|
||||||
|
|
||||||
|
LOGIN_PASSWORD_test=test
|
||||||
|
LOGIN_PERMISSIONS_test=~*, widgets/database
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ const os = require('os');
|
|||||||
const path = require('path');
|
const path = require('path');
|
||||||
const axios = require('axios');
|
const axios = require('axios');
|
||||||
const { datadir } = require('../utility/directories');
|
const { datadir } = require('../utility/directories');
|
||||||
const hasPermission = require('../utility/hasPermission');
|
const { hasPermission, getLogins } = require('../utility/hasPermission');
|
||||||
const socket = require('../utility/socket');
|
const socket = require('../utility/socket');
|
||||||
const _ = require('lodash');
|
const _ = require('lodash');
|
||||||
const AsyncLock = require('async-lock');
|
const AsyncLock = require('async-lock');
|
||||||
@@ -26,8 +26,10 @@ module.exports = {
|
|||||||
// },
|
// },
|
||||||
|
|
||||||
get_meta: true,
|
get_meta: true,
|
||||||
async get() {
|
async get(_params, req) {
|
||||||
const permissions = process.env.PERMISSIONS ? process.env.PERMISSIONS.split(',') : null;
|
const logins = getLogins();
|
||||||
|
const login = logins ? logins.find(x => x.login == (req.auth && req.auth.user)) : null;
|
||||||
|
const permissions = login ? login.permissions : null;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
runAsPortal: !!connections.portalConnections,
|
runAsPortal: !!connections.portalConnections,
|
||||||
@@ -67,8 +69,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
updateSettings_meta: true,
|
updateSettings_meta: true,
|
||||||
async updateSettings(values) {
|
async updateSettings(values, req) {
|
||||||
if (!hasPermission(`settings/change`)) return false;
|
if (!hasPermission(`settings/change`, req)) return false;
|
||||||
|
|
||||||
const res = await lock.acquire('update', async () => {
|
const res = await lock.acquire('update', async () => {
|
||||||
const currentValue = await this.getSettings();
|
const currentValue = await this.getSettings();
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ const fs = require('fs-extra');
|
|||||||
const path = require('path');
|
const path = require('path');
|
||||||
const { filesdir, archivedir, resolveArchiveFolder, uploadsdir, appdir } = require('../utility/directories');
|
const { filesdir, archivedir, resolveArchiveFolder, uploadsdir, appdir } = require('../utility/directories');
|
||||||
const getChartExport = require('../utility/getChartExport');
|
const getChartExport = require('../utility/getChartExport');
|
||||||
const hasPermission = require('../utility/hasPermission');
|
const { hasPermission } = require('../utility/hasPermission');
|
||||||
const socket = require('../utility/socket');
|
const socket = require('../utility/socket');
|
||||||
const scheduler = require('./scheduler');
|
const scheduler = require('./scheduler');
|
||||||
const getDiagramExport = require('../utility/getDiagramExport');
|
const getDiagramExport = require('../utility/getDiagramExport');
|
||||||
@@ -23,8 +23,8 @@ function deserialize(format, text) {
|
|||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
list_meta: true,
|
list_meta: true,
|
||||||
async list({ folder }) {
|
async list({ folder }, req) {
|
||||||
if (!hasPermission(`files/${folder}/read`)) return [];
|
if (!hasPermission(`files/${folder}/read`, req)) return [];
|
||||||
const dir = path.join(filesdir(), folder);
|
const dir = path.join(filesdir(), folder);
|
||||||
if (!(await fs.exists(dir))) return [];
|
if (!(await fs.exists(dir))) return [];
|
||||||
const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
|
const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
|
||||||
@@ -32,11 +32,11 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
listAll_meta: true,
|
listAll_meta: true,
|
||||||
async listAll() {
|
async listAll(_params, req) {
|
||||||
const folders = await fs.readdir(filesdir());
|
const folders = await fs.readdir(filesdir());
|
||||||
const res = [];
|
const res = [];
|
||||||
for (const folder of folders) {
|
for (const folder of folders) {
|
||||||
if (!hasPermission(`files/${folder}/read`)) continue;
|
if (!hasPermission(`files/${folder}/read`, req)) continue;
|
||||||
const dir = path.join(filesdir(), folder);
|
const dir = path.join(filesdir(), folder);
|
||||||
const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
|
const files = (await fs.readdir(dir)).map(file => ({ folder, file }));
|
||||||
res.push(...files);
|
res.push(...files);
|
||||||
@@ -45,8 +45,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
delete_meta: true,
|
delete_meta: true,
|
||||||
async delete({ folder, file }) {
|
async delete({ folder, file }, req) {
|
||||||
if (!hasPermission(`files/${folder}/write`)) return false;
|
if (!hasPermission(`files/${folder}/write`, req)) return false;
|
||||||
await fs.unlink(path.join(filesdir(), folder, file));
|
await fs.unlink(path.join(filesdir(), folder, file));
|
||||||
socket.emitChanged(`files-changed-${folder}`);
|
socket.emitChanged(`files-changed-${folder}`);
|
||||||
socket.emitChanged(`all-files-changed`);
|
socket.emitChanged(`all-files-changed`);
|
||||||
@@ -54,8 +54,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
rename_meta: true,
|
rename_meta: true,
|
||||||
async rename({ folder, file, newFile }) {
|
async rename({ folder, file, newFile }, req) {
|
||||||
if (!hasPermission(`files/${folder}/write`)) return false;
|
if (!hasPermission(`files/${folder}/write`, req)) return false;
|
||||||
await fs.rename(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
|
await fs.rename(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
|
||||||
socket.emitChanged(`files-changed-${folder}`);
|
socket.emitChanged(`files-changed-${folder}`);
|
||||||
socket.emitChanged(`all-files-changed`);
|
socket.emitChanged(`all-files-changed`);
|
||||||
@@ -63,8 +63,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
copy_meta: true,
|
copy_meta: true,
|
||||||
async copy({ folder, file, newFile }) {
|
async copy({ folder, file, newFile }, req) {
|
||||||
if (!hasPermission(`files/${folder}/write`)) return false;
|
if (!hasPermission(`files/${folder}/write`, req)) return false;
|
||||||
await fs.copyFile(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
|
await fs.copyFile(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
|
||||||
socket.emitChanged(`files-changed-${folder}`);
|
socket.emitChanged(`files-changed-${folder}`);
|
||||||
socket.emitChanged(`all-files-changed`);
|
socket.emitChanged(`all-files-changed`);
|
||||||
@@ -72,7 +72,7 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
load_meta: true,
|
load_meta: true,
|
||||||
async load({ folder, file, format }) {
|
async load({ folder, file, format }, req) {
|
||||||
if (folder.startsWith('archive:')) {
|
if (folder.startsWith('archive:')) {
|
||||||
const text = await fs.readFile(path.join(resolveArchiveFolder(folder.substring('archive:'.length)), file), {
|
const text = await fs.readFile(path.join(resolveArchiveFolder(folder.substring('archive:'.length)), file), {
|
||||||
encoding: 'utf-8',
|
encoding: 'utf-8',
|
||||||
@@ -84,22 +84,22 @@ module.exports = {
|
|||||||
});
|
});
|
||||||
return deserialize(format, text);
|
return deserialize(format, text);
|
||||||
} else {
|
} else {
|
||||||
if (!hasPermission(`files/${folder}/read`)) return null;
|
if (!hasPermission(`files/${folder}/read`, req)) return null;
|
||||||
const text = await fs.readFile(path.join(filesdir(), folder, file), { encoding: 'utf-8' });
|
const text = await fs.readFile(path.join(filesdir(), folder, file), { encoding: 'utf-8' });
|
||||||
return deserialize(format, text);
|
return deserialize(format, text);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
save_meta: true,
|
save_meta: true,
|
||||||
async save({ folder, file, data, format }) {
|
async save({ folder, file, data, format }, req) {
|
||||||
if (folder.startsWith('archive:')) {
|
if (folder.startsWith('archive:')) {
|
||||||
if (!hasPermission(`archive/write`)) return false;
|
if (!hasPermission(`archive/write`, req)) return false;
|
||||||
const dir = resolveArchiveFolder(folder.substring('archive:'.length));
|
const dir = resolveArchiveFolder(folder.substring('archive:'.length));
|
||||||
await fs.writeFile(path.join(dir, file), serialize(format, data));
|
await fs.writeFile(path.join(dir, file), serialize(format, data));
|
||||||
socket.emitChanged(`archive-files-changed-${folder.substring('archive:'.length)}`);
|
socket.emitChanged(`archive-files-changed-${folder.substring('archive:'.length)}`);
|
||||||
return true;
|
return true;
|
||||||
} else if (folder.startsWith('app:')) {
|
} else if (folder.startsWith('app:')) {
|
||||||
if (!hasPermission(`apps/write`)) return false;
|
if (!hasPermission(`apps/write`, req)) return false;
|
||||||
const app = folder.substring('app:'.length);
|
const app = folder.substring('app:'.length);
|
||||||
await fs.writeFile(path.join(appdir(), app, file), serialize(format, data));
|
await fs.writeFile(path.join(appdir(), app, file), serialize(format, data));
|
||||||
socket.emitChanged(`app-files-changed-${app}`);
|
socket.emitChanged(`app-files-changed-${app}`);
|
||||||
@@ -107,7 +107,7 @@ module.exports = {
|
|||||||
apps.emitChangedDbApp(folder);
|
apps.emitChangedDbApp(folder);
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
if (!hasPermission(`files/${folder}/write`)) return false;
|
if (!hasPermission(`files/${folder}/write`, req)) return false;
|
||||||
const dir = path.join(filesdir(), folder);
|
const dir = path.join(filesdir(), folder);
|
||||||
if (!(await fs.exists(dir))) {
|
if (!(await fs.exists(dir))) {
|
||||||
await fs.mkdir(dir);
|
await fs.mkdir(dir);
|
||||||
@@ -128,8 +128,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
favorites_meta: true,
|
favorites_meta: true,
|
||||||
async favorites() {
|
async favorites(_params, req) {
|
||||||
if (!hasPermission(`files/favorites/read`)) return [];
|
if (!hasPermission(`files/favorites/read`, req)) return [];
|
||||||
const dir = path.join(filesdir(), 'favorites');
|
const dir = path.join(filesdir(), 'favorites');
|
||||||
if (!(await fs.exists(dir))) return [];
|
if (!(await fs.exists(dir))) return [];
|
||||||
const files = await fs.readdir(dir);
|
const files = await fs.readdir(dir);
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ const socket = require('../utility/socket');
|
|||||||
const compareVersions = require('compare-versions');
|
const compareVersions = require('compare-versions');
|
||||||
const requirePlugin = require('../shell/requirePlugin');
|
const requirePlugin = require('../shell/requirePlugin');
|
||||||
const downloadPackage = require('../utility/downloadPackage');
|
const downloadPackage = require('../utility/downloadPackage');
|
||||||
const hasPermission = require('../utility/hasPermission');
|
const { hasPermission } = require('../utility/hasPermission');
|
||||||
const _ = require('lodash');
|
const _ = require('lodash');
|
||||||
const packagedPluginsContent = require('../packagedPluginsContent');
|
const packagedPluginsContent = require('../packagedPluginsContent');
|
||||||
|
|
||||||
@@ -115,8 +115,8 @@ module.exports = {
|
|||||||
// },
|
// },
|
||||||
|
|
||||||
install_meta: true,
|
install_meta: true,
|
||||||
async install({ packageName }) {
|
async install({ packageName }, req) {
|
||||||
if (!hasPermission(`plugins/install`)) return;
|
if (!hasPermission(`plugins/install`, req)) return;
|
||||||
const dir = path.join(pluginsdir(), packageName);
|
const dir = path.join(pluginsdir(), packageName);
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
if (!(await fs.exists(dir))) {
|
if (!(await fs.exists(dir))) {
|
||||||
@@ -128,8 +128,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
uninstall_meta: true,
|
uninstall_meta: true,
|
||||||
async uninstall({ packageName }) {
|
async uninstall({ packageName }, req) {
|
||||||
if (!hasPermission(`plugins/install`)) return;
|
if (!hasPermission(`plugins/install`, req)) return;
|
||||||
const dir = path.join(pluginsdir(), packageName);
|
const dir = path.join(pluginsdir(), packageName);
|
||||||
await fs.rmdir(dir, { recursive: true });
|
await fs.rmdir(dir, { recursive: true });
|
||||||
socket.emitChanged(`installed-plugins-changed`);
|
socket.emitChanged(`installed-plugins-changed`);
|
||||||
@@ -138,8 +138,8 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
upgrade_meta: true,
|
upgrade_meta: true,
|
||||||
async upgrade({ packageName }) {
|
async upgrade({ packageName }, req) {
|
||||||
if (!hasPermission(`plugins/install`)) return;
|
if (!hasPermission(`plugins/install`, req)) return;
|
||||||
const dir = path.join(pluginsdir(), packageName);
|
const dir = path.join(pluginsdir(), packageName);
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
if (await fs.exists(dir)) {
|
if (await fs.exists(dir)) {
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ const fs = require('fs-extra');
|
|||||||
const path = require('path');
|
const path = require('path');
|
||||||
const cron = require('node-cron');
|
const cron = require('node-cron');
|
||||||
const runners = require('./runners');
|
const runners = require('./runners');
|
||||||
const hasPermission = require('../utility/hasPermission');
|
const { hasPermission } = require('../utility/hasPermission');
|
||||||
|
|
||||||
const scheduleRegex = /\s*\/\/\s*@schedule\s+([^\n]+)\n/;
|
const scheduleRegex = /\s*\/\/\s*@schedule\s+([^\n]+)\n/;
|
||||||
|
|
||||||
@@ -26,8 +26,8 @@ module.exports = {
|
|||||||
this.tasks.push(task);
|
this.tasks.push(task);
|
||||||
},
|
},
|
||||||
|
|
||||||
async reload() {
|
async reload(_params, req) {
|
||||||
if (!hasPermission('files/shell/read')) return;
|
if (!hasPermission('files/shell/read', req)) return;
|
||||||
const shellDir = path.join(filesdir(), 'shell');
|
const shellDir = path.join(filesdir(), 'shell');
|
||||||
await this.unload();
|
await this.unload();
|
||||||
if (!(await fs.exists(shellDir))) return;
|
if (!(await fs.exists(shellDir))) return;
|
||||||
|
|||||||
@@ -29,6 +29,8 @@ const queryHistory = require('./controllers/queryHistory');
|
|||||||
const { rundir } = require('./utility/directories');
|
const { rundir } = require('./utility/directories');
|
||||||
const platformInfo = require('./utility/platformInfo');
|
const platformInfo = require('./utility/platformInfo');
|
||||||
const getExpressPath = require('./utility/getExpressPath');
|
const getExpressPath = require('./utility/getExpressPath');
|
||||||
|
const { getLogins } = require('./utility/hasPermission');
|
||||||
|
const _ = require('lodash');
|
||||||
|
|
||||||
function start() {
|
function start() {
|
||||||
// console.log('process.argv', process.argv);
|
// console.log('process.argv', process.argv);
|
||||||
@@ -37,12 +39,11 @@ function start() {
|
|||||||
|
|
||||||
const server = http.createServer(app);
|
const server = http.createServer(app);
|
||||||
|
|
||||||
if (process.env.LOGIN && process.env.PASSWORD) {
|
const logins = getLogins();
|
||||||
|
if (logins) {
|
||||||
app.use(
|
app.use(
|
||||||
basicAuth({
|
basicAuth({
|
||||||
users: {
|
users: _.fromPairs(logins.map(x => [x.login, x.password])),
|
||||||
[process.env.LOGIN]: process.env.PASSWORD,
|
|
||||||
},
|
|
||||||
challenge: true,
|
challenge: true,
|
||||||
realm: 'DbGate Web App',
|
realm: 'DbGate Web App',
|
||||||
})
|
})
|
||||||
@@ -85,15 +86,7 @@ function start() {
|
|||||||
if (platformInfo.isDocker) {
|
if (platformInfo.isDocker) {
|
||||||
// server static files inside docker container
|
// server static files inside docker container
|
||||||
app.use(getExpressPath('/'), express.static('/home/dbgate-docker/public'));
|
app.use(getExpressPath('/'), express.static('/home/dbgate-docker/public'));
|
||||||
} else {
|
} else if (platformInfo.isNpmDist) {
|
||||||
if (!platformInfo.isNpmDist) {
|
|
||||||
app.get(getExpressPath('/'), (req, res) => {
|
|
||||||
res.send('DbGate API');
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (platformInfo.isNpmDist) {
|
|
||||||
app.use(getExpressPath('/'), express.static(path.join(__dirname, '../../dbgate-web/public')));
|
app.use(getExpressPath('/'), express.static(path.join(__dirname, '../../dbgate-web/public')));
|
||||||
getPort({
|
getPort({
|
||||||
port: parseInt(
|
port: parseInt(
|
||||||
@@ -105,7 +98,19 @@ function start() {
|
|||||||
console.log(`DbGate API listening on port ${port}`);
|
console.log(`DbGate API listening on port ${port}`);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
} else if (process.env.DEVWEB) {
|
||||||
|
console.log('__dirname', __dirname);
|
||||||
|
console.log(path.join(__dirname, '../../web/public/build'));
|
||||||
|
app.use(getExpressPath('/'), express.static(path.join(__dirname, '../../web/public')));
|
||||||
|
|
||||||
|
const port = process.env.PORT || 3000;
|
||||||
|
console.log('DbGate API & web listening on port', port);
|
||||||
|
server.listen(port);
|
||||||
} else {
|
} else {
|
||||||
|
app.get(getExpressPath('/'), (req, res) => {
|
||||||
|
res.send('DbGate API');
|
||||||
|
});
|
||||||
|
|
||||||
const port = process.env.PORT || 3000;
|
const port = process.env.PORT || 3000;
|
||||||
console.log('DbGate API listening on port', port);
|
console.log('DbGate API listening on port', port);
|
||||||
server.listen(port);
|
server.listen(port);
|
||||||
|
|||||||
@@ -1,12 +1,56 @@
|
|||||||
const { compilePermissions, testPermission } = require('dbgate-tools');
|
const { compilePermissions, testPermission } = require('dbgate-tools');
|
||||||
|
const _ = require('lodash');
|
||||||
|
|
||||||
let compiled = undefined;
|
const userPermissions = {};
|
||||||
|
|
||||||
function hasPermission(tested) {
|
function hasPermission(tested, req) {
|
||||||
if (compiled === undefined) {
|
const { user } = (req && req.auth) || {};
|
||||||
compiled = compilePermissions(process.env.PERMISSIONS);
|
const key = user || '';
|
||||||
|
const logins = getLogins();
|
||||||
|
if (!userPermissions[key] && logins) {
|
||||||
|
const login = logins.find(x => x.login == user);
|
||||||
|
userPermissions[key] = compilePermissions(login ? login.permissions : null);
|
||||||
}
|
}
|
||||||
return testPermission(tested, compiled);
|
return testPermission(tested, userPermissions[key]);
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = hasPermission;
|
let loginsCache = null;
|
||||||
|
let loginsLoaded = false;
|
||||||
|
|
||||||
|
function getLogins() {
|
||||||
|
if (loginsLoaded) {
|
||||||
|
return loginsCache;
|
||||||
|
}
|
||||||
|
|
||||||
|
const res = [];
|
||||||
|
if (process.env.LOGIN && process.env.PASSWORD) {
|
||||||
|
res.push({
|
||||||
|
login: process.env.LOGIN,
|
||||||
|
password: process.env.PASSWORD,
|
||||||
|
permissions: process.env.PERMISSIONS,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
if (process.env.LOGINS) {
|
||||||
|
const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
|
||||||
|
for (const login of logins) {
|
||||||
|
const password = process.env[`LOGIN_PASSWORD_${login}`];
|
||||||
|
const permissions = process.env[`LOGIN_PERMISSIONS_${login}`];
|
||||||
|
if (password) {
|
||||||
|
res.push({
|
||||||
|
login,
|
||||||
|
password,
|
||||||
|
permissions,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
loginsCache = res.length > 0 ? res : null;
|
||||||
|
loginsLoaded = true;
|
||||||
|
return loginsCache;
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
hasPermission,
|
||||||
|
getLogins,
|
||||||
|
};
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ module.exports = function useController(app, electron, route, controller) {
|
|||||||
// controller._init_called = true;
|
// controller._init_called = true;
|
||||||
// }
|
// }
|
||||||
try {
|
try {
|
||||||
let params = [{ ...req.body, ...req.query }];
|
let params = [{ ...req.body, ...req.query }, req];
|
||||||
if (rawParams) params = [req, res];
|
if (rawParams) params = [req, res];
|
||||||
const data = await controller[key](...params);
|
const data = await controller[key](...params);
|
||||||
res.json(data);
|
res.json(data);
|
||||||
|
|||||||
Reference in New Issue
Block a user