mirrors2/opencatd-open
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
team
opencatd-open/internal/service/token.go
Sakurasan e7ffc9e8b9 reface to openteam
2025-04-16 18:01:27 +08:00

252 lines
7.4 KiB
Go
Raw Permalink Blame History

package service
import (
"context"
"fmt"
"opencatd-open/internal/consts"
"opencatd-open/internal/dao"
"opencatd-open/internal/model"
"opencatd-open/internal/utils"
"strings"
"github.com/google/uuid"
"gorm.io/gorm"
)
// var _ TokenService = (*TokenServiceImpl)(nil)
// type TokenService interface {
// }
type TokenServiceImpl struct {
db *gorm.DB
tokenRepo dao.TokenRepository
}
func NewTokenService(db *gorm.DB, tokenRepo dao.TokenRepository) *TokenServiceImpl {
return &TokenServiceImpl{
db: db,
tokenRepo: tokenRepo,
}
}
func (t *TokenServiceImpl) CreateToken(ctx context.Context, token *model.Token) error {
if token.UserID == 0 {
token.UserID = ctx.Value("user_id").(int64)
}
if token.Active == nil {
token.Active = utils.ToPtr(true)
}
if token.UnlimitedQuota == nil {
token.UnlimitedQuota = utils.ToPtr(true)
}
if token.ExpiredAt == nil {
token.ExpiredAt = utils.ToPtr(int64(-1))
}
if token.Key == "" {
token.Key = "sk-team-" + strings.ReplaceAll(uuid.New().String(), "-", "")
}
if !strings.HasPrefix(token.Key, "sk-team-") {
token.Key = "sk-team-" + strings.ReplaceAll(token.Key, " ", "")
}
return t.tokenRepo.Create(ctx, token)
}
func (t *TokenServiceImpl) GetToken(ctx context.Context, id int64) (*model.Token, error) {
userid := ctx.Value("user_id").(int64)
tk := &model.Token{}
return tk, t.db.Model(&model.Token{}).Where("user_id = ?", userid).Where("id = ?", id).First(tk).Error
}
func (t *TokenServiceImpl) ListToken(ctx context.Context, limit, offset int, active []string) ([]*model.Token, int64, error) {
userid := ctx.Value("user_id").(int64)
condition := make(map[string]interface{})
condition["user_id = ?"] = userid
if len(active) > 0 {
condition["active IN ?"] = utils.StringToBool(active)
return t.tokenRepo.ListWithFilters(ctx, limit, offset, condition)
}
return t.tokenRepo.ListWithFilters(ctx, limit, offset, condition)
}
func (t *TokenServiceImpl) UpdateToken(ctx context.Context, token *model.Token) error {
userid := ctx.Value("user_id").(int64) // 操作者
userRoleValue := ctx.Value("user_role")
if userRoleValue == nil {
return fmt.Errorf("user role not found in context")
}
role, ok := userRoleValue.(*consts.UserRole) // 操作角色
if !ok {
return fmt.Errorf("user role in context is not an integer")
}
switch {
case *role < consts.RoleAdmin:
if userid != token.UserID {
return fmt.Errorf("Permission denied")
}
case *role == consts.RoleAdmin:
if *role <= *token.User.Role {
return fmt.Errorf("Permission denied")
}
}
return t.db.Model(&model.Token{}).Where("id = ?", token.ID).Updates(token).Error
}
func (t *TokenServiceImpl) ResetToken(ctx context.Context, id int64) error {
userid := ctx.Value("user_id").(int64) // 操作者
userRoleValue := ctx.Value("user_role")
if userRoleValue == nil {
return fmt.Errorf("user role not found in context")
}
role, ok := userRoleValue.(*consts.UserRole) // 操作角色
if !ok {
return fmt.Errorf("user role in context is not an integer")
}
switch {
case *role < consts.RoleAdmin:
if userid != id {
return fmt.Errorf("Permission denied")
}
case *role == consts.RoleAdmin:
var user = &model.User{}
if err := t.db.Model(&model.User{}).Where("id = ?", id).First(user).Error; err != nil {
return fmt.Errorf("User not found")
}
if *role <= *user.Role {
return fmt.Errorf("Permission denied")
}
}
token := "sk-team-" + strings.ReplaceAll(uuid.New().String(), "-", "")
return t.db.Model(&model.Token{}).Where("user_id = ?", userid).Where("id = ?", id).Update("token", token).Error
}
func (t *TokenServiceImpl) DeleteToken(ctx context.Context, id int64) error {
token, err := t.tokenRepo.GetByID(ctx, id)
if err != nil {
return fmt.Errorf("Token not found")
}
if token.User == nil {
return fmt.Errorf("Token user not found")
}
role := ctx.Value("user_role").(*consts.UserRole) // 操作角色
userid := ctx.Value("user_id").(int64) // 操作者
switch {
case *role < consts.RoleAdmin:
if userid != token.UserID {
return fmt.Errorf("Permission denied")
}
case *role == consts.RoleAdmin:
if *role <= *token.User.Role {
return fmt.Errorf("Permission denied")
}
}
return t.db.Model(&model.Token{}).Where("id = ?", id).Delete(&model.Token{}).Error
}
func (t *TokenServiceImpl) DeleteTokens(ctx context.Context, userid int64, ids []int64) error {
operator_id := ctx.Value("user_id").(int64)
roleValue := ctx.Value("user_role")
if roleValue == nil {
return fmt.Errorf("user role not found in context")
}
operator_role, ok := roleValue.(*consts.UserRole) // 操作角色
if !ok {
return fmt.Errorf("user role in context is not an integer")
}
switch {
case *operator_role < consts.RoleAdmin:
if operator_id != userid {
return fmt.Errorf("Permission denied")
}
return t.tokenRepo.BatchDelete(ctx, ids, map[string]interface{}{"name != ?": "default", "user_id = ?": userid})
case *operator_role == consts.RoleAdmin:
var user = &model.User{}
if err := t.db.Model(&model.User{}).Where("id = ?", userid).First(user).Error; err != nil {
return fmt.Errorf("User not found")
}
if *operator_role <= *user.Role {
return fmt.Errorf("Permission denied")
}
return t.tokenRepo.BatchDelete(ctx, ids, map[string]interface{}{"name != ?": "default", "user_id = ?": userid})
default:
return t.tokenRepo.BatchDelete(ctx, ids, map[string]interface{}{"name != ?": "default"})
}
}
func (t *TokenServiceImpl) EnableTokens(ctx context.Context, userid int64, ids []int64) error {
operator_id := ctx.Value("user_id").(int64)
roleValue := ctx.Value("user_role")
if roleValue == nil {
return fmt.Errorf("user role not found in context")
}
operator_role, ok := roleValue.(*consts.UserRole) // 操作角色
if !ok {
return fmt.Errorf("user role in context is not an integer")
}
switch {
case *operator_role < consts.RoleAdmin:
if operator_id != userid {
return fmt.Errorf("Permission denied")
}
return t.tokenRepo.BatchEnable(ctx, ids, map[string]interface{}{"user_id = ?": userid})
case *operator_role == consts.RoleAdmin:
var user = &model.User{}
if err := t.db.Model(&model.User{}).Where("id = ?", userid).First(user).Error; err != nil {
return fmt.Errorf("User not found")
}
if *operator_role <= *user.Role {
return fmt.Errorf("Permission denied")
}
return t.tokenRepo.BatchEnable(ctx, ids, map[string]interface{}{"user_id = ?": userid})
default:
return t.tokenRepo.BatchEnable(ctx, ids, nil)
}
}
func (t *TokenServiceImpl) DisableTokens(ctx context.Context, userid int64, ids []int64) error {
operator_id := ctx.Value("user_id").(int64)
roleValue := ctx.Value("user_role")
if roleValue == nil {
return fmt.Errorf("user role not found in context")
}
operator_role, ok := roleValue.(*consts.UserRole) // 操作角色
if !ok {
return fmt.Errorf("user role in context is not an integer")
}
switch {
case *operator_role < consts.RoleAdmin:
if operator_id != userid {
return fmt.Errorf("Permission denied")
}
return t.tokenRepo.BatchDisable(ctx, ids, map[string]interface{}{"user_id =": userid})
case *operator_role == consts.RoleAdmin:
var user = &model.User{}
if err := t.db.Model(&model.User{}).Where("id = ?", userid).First(user).Error; err != nil {
return fmt.Errorf("User not found")
}
if *operator_role <= *user.Role {
return fmt.Errorf("Permission denied")
}
return t.tokenRepo.BatchDisable(ctx, ids, map[string]interface{}{"user_id =": userid})
default:
return t.tokenRepo.BatchDisable(ctx, ids, nil)
}
}
Reference in New Issue View Git Blame Copy Permalink