fix: member-created services shouldn't be applied to admin resources (#1113)
@@ -223,7 +223,7 @@ func adminHandler[T any](handler handlerFunc[T]) func(*gin.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
user := *auth.(*model.User)
|
user := *auth.(*model.User)
|
||||||
if user.Role != model.RoleAdmin {
|
if !user.Role.IsAdmin() {
|
||||||
c.JSON(http.StatusOK, newErrorResponse(singleton.Localizer.ErrorT("permission denied")))
|
c.JSON(http.StatusOK, newErrorResponse(singleton.Localizer.ErrorT("permission denied")))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -24,11 +24,11 @@ func listConfig(c *gin.Context) (*model.SettingResponse, error) {
|
|||||||
var isAdmin bool
|
var isAdmin bool
|
||||||
if authorized {
|
if authorized {
|
||||||
user := u.(*model.User)
|
user := u.(*model.User)
|
||||||
isAdmin = user.Role == model.RoleAdmin
|
isAdmin = user.Role.IsAdmin()
|
||||||
}
|
}
|
||||||
|
|
||||||
config := *singleton.Conf
|
config := *singleton.Conf
|
||||||
config.Language = strings.Replace(config.Language, "_", "-", -1)
|
config.Language = strings.ReplaceAll(config.Language, "_", "-")
|
||||||
|
|
||||||
conf := model.SettingResponse{
|
conf := model.SettingResponse{
|
||||||
Config: model.Setting{
|
Config: model.Setting{
|
||||||
@@ -89,7 +89,7 @@ func updateConfig(c *gin.Context) (any, error) {
|
|||||||
return nil, errors.New("invalid user template")
|
return nil, errors.New("invalid user template")
|
||||||
}
|
}
|
||||||
|
|
||||||
singleton.Conf.Language = strings.Replace(sf.Language, "-", "_", -1)
|
singleton.Conf.Language = strings.ReplaceAll(sf.Language, "-", "_")
|
||||||
|
|
||||||
singleton.Conf.EnableIPChangeNotification = sf.EnableIPChangeNotification
|
singleton.Conf.EnableIPChangeNotification = sf.EnableIPChangeNotification
|
||||||
singleton.Conf.EnablePlainIPInNotification = sf.EnablePlainIPInNotification
|
singleton.Conf.EnablePlainIPInNotification = sf.EnablePlainIPInNotification
|
||||||
|
|||||||
@@ -133,7 +133,7 @@ func createUser(c *gin.Context) (uint64, error) {
|
|||||||
if uf.Username == "" {
|
if uf.Username == "" {
|
||||||
return 0, singleton.Localizer.ErrorT("username can't be empty")
|
return 0, singleton.Localizer.ErrorT("username can't be empty")
|
||||||
}
|
}
|
||||||
if uf.Role != model.RoleAdmin && uf.Role != model.RoleMember {
|
if uf.Role > model.RoleMember {
|
||||||
return 0, singleton.Localizer.ErrorT("invalid role")
|
return 0, singleton.Localizer.ErrorT("invalid role")
|
||||||
}
|
}
|
||||||
|
|
||||||
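Review bot: A request body that omits `role` passes the new `uf.Role > model.RoleMember` check as an admin, because `RoleAdmin` is declared as `iota` (0) in the `Role` const hunk further down and an absent JSON field decodes to the zero value. The removed check accepted the same input, so this is not a regression, but the default remains the most privileged role. Whether createUser is reachable only through adminHandler is not visible here, and the function body continues outside the hunk, so the behaviour may be intended. The range comparison also ties validation to the declaration order of the constants. I would at least document the invariant on the type, for example `// RoleAdmin is the zero value of Role; an unset or omitted role is treated as admin.`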
@@ -195,7 +195,7 @@ func listOnlineUser(c *gin.Context) (*model.Value[[]*model.OnlineUser], error) {
|
|||||||
var isAdmin bool
|
var isAdmin bool
|
||||||
u, ok := c.Get(model.CtxKeyAuthorizedUser)
|
u, ok := c.Get(model.CtxKeyAuthorizedUser)
|
||||||
if ok {
|
if ok {
|
||||||
isAdmin = u.(*model.User).Role == model.RoleAdmin
|
isAdmin = u.(*model.User).Role.IsAdmin()
|
||||||
}
|
}
|
||||||
limit, err := strconv.Atoi(c.Query("limit"))
|
limit, err := strconv.Atoi(c.Query("limit"))
|
||||||
if err != nil || limit < 1 {
|
if err != nil || limit < 1 {
|
||||||
|
|||||||
@@ -177,14 +177,14 @@ func ServeNAT(w http.ResponseWriter, r *http.Request, natConfig *model.NAT) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func canSendTaskToServer(task *model.Service, server *model.Server) bool {
|
func canSendTaskToServer(task *model.Service, server *model.Server) bool {
|
||||||
var role uint8
|
var role model.Role
|
||||||
singleton.UserLock.RLock()
|
singleton.UserLock.RLock()
|
||||||
if u, ok := singleton.UserInfoMap[server.UserID]; !ok {
|
if u, ok := singleton.UserInfoMap[task.UserID]; !ok {
|
||||||
role = model.RoleMember
|
role = model.RoleMember
|
||||||
} else {
|
} else {
|
||||||
role = u.Role
|
role = u.Role
|
||||||
}
|
}
|
||||||
singleton.UserLock.RUnlock()
|
singleton.UserLock.RUnlock()
|
||||||
|
|
||||||
return task.UserID == server.UserID || role == model.RoleAdmin
|
return task.UserID == server.UserID || role.IsAdmin()
|
||||||
}
|
}
|
||||||
|
|||||||
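Review bot: canSendTaskToServer carries the authorization rule this commit corrects, but nothing in the function states that rule, so a reader cannot tell which `UserID` the role lookup is meant to use. A doc comment would pin the intent: `// canSendTaskToServer reports whether task may run on server: the task's owner must own the server or be an admin.` The fallback to `model.RoleMember` when `task.UserID` is missing from `singleton.UserInfoMap` deserves a why-comment as well, since the zero value of `model.Role` is `RoleAdmin` and the explicit assignment is what keeps an unknown owner unprivileged. A small table test over owner/non-owner and admin/member combinations would guard the corrected rule against regressions.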
@@ -87,7 +87,7 @@ func (c *Config) Read(path string, frontendTemplates []FrontendTemplate) error {
|
|||||||
c.filePath = path
|
c.filePath = path
|
||||||
|
|
||||||
err := c.k.Load(env.Provider("NZ_", ".", func(s string) string {
|
err := c.k.Load(env.Provider("NZ_", ".", func(s string) string {
|
||||||
return strings.Replace(strings.ToLower(strings.TrimPrefix(s, "NZ_")), "_", ".", -1)
|
return strings.ReplaceAll(strings.ToLower(strings.TrimPrefix(s, "NZ_")), "_", ".")
|
||||||
}), nil)
|
}), nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|||||||
@@ -8,8 +8,14 @@ import (
|
|||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type Role uint8
|
||||||
|
|
||||||
|
func (r Role) IsAdmin() bool {
|
||||||
|
return r == RoleAdmin
|
||||||
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
RoleAdmin uint8 = iota
|
RoleAdmin Role = iota
|
||||||
RoleMember
|
RoleMember
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -19,13 +25,13 @@ type User struct {
|
|||||||
Common
|
Common
|
||||||
Username string `json:"username,omitempty" gorm:"uniqueIndex"`
|
Username string `json:"username,omitempty" gorm:"uniqueIndex"`
|
||||||
Password string `json:"password,omitempty" gorm:"type:char(72)"`
|
Password string `json:"password,omitempty" gorm:"type:char(72)"`
|
||||||
Role uint8 `json:"role,omitempty"`
|
Role Role `json:"role,omitempty"`
|
||||||
AgentSecret string `json:"agent_secret,omitempty" gorm:"type:char(32)"`
|
AgentSecret string `json:"agent_secret,omitempty" gorm:"type:char(32)"`
|
||||||
RejectPassword bool `json:"reject_password,omitempty"`
|
RejectPassword bool `json:"reject_password,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserInfo struct {
|
type UserInfo struct {
|
||||||
Role uint8
|
Role Role
|
||||||
AgentSecret string
|
AgentSecret string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
package model
|
package model
|
||||||
|
|
||||||
type UserForm struct {
|
type UserForm struct {
|
||||||
Role uint8 `json:"role,omitempty"`
|
Role Role `json:"role,omitempty"`
|
||||||
Username string `json:"username,omitempty"`
|
Username string `json:"username,omitempty"`
|
||||||
Password string `json:"password,omitempty" gorm:"type:char(72)"`
|
Password string `json:"password,omitempty" gorm:"type:char(72)"`
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -142,14 +142,14 @@ func checkStatus() {
|
|||||||
for _, server := range m {
|
for _, server := range m {
|
||||||
// 监测点
|
// 监测点
|
||||||
UserLock.RLock()
|
UserLock.RLock()
|
||||||
var role uint8
|
var role model.Role
|
||||||
if u, ok := UserInfoMap[server.UserID]; !ok {
|
if u, ok := UserInfoMap[alert.UserID]; !ok {
|
||||||
role = model.RoleMember
|
role = model.RoleMember
|
||||||
} else {
|
} else {
|
||||||
role = u.Role
|
role = u.Role
|
||||||
}
|
}
|
||||||
UserLock.RUnlock()
|
UserLock.RUnlock()
|
||||||
if alert.UserID != server.UserID && role != model.RoleAdmin {
|
if alert.UserID != server.UserID && !role.IsAdmin() {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
alertsStore[alert.ID][server.ID] = append(alertsStore[alert.
|
alertsStore[alert.ID][server.ID] = append(alertsStore[alert.
|
||||||
|
|||||||
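Review bot: The role lookup now depends only on `alert.UserID`, yet it still sits inside `for _, server := range m`, so `UserLock.RLock()` is taken and the same map entry is read once per server. It can be hoisted above the server loop; the enclosing loops begin outside the hunk, so the exact placement needs checking against the full function. The block also repeats the rule implemented in canSendTaskToServer, and both copies keyed the lookup on `server.UserID` before this commit. A shared helper that takes the owner's ID and the server's `UserID` would keep the two checks from drifting apart again.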