auth.go

package console_sqlite3

import (
	"database/sql"
	"encoding/json"
	"time"

	"github.com/eolinker/goku-api-gateway/server/dao"

	log "github.com/eolinker/goku-api-gateway/goku-log"
)

type basicAuthConf struct {
	UserName       string `json:"userName"`
	Password       string `json:"password"`
	HideCredential bool   `json:"hideCredential"`
	Remark         string `json:"remark"`
}

//APIKeyConf apiKey配置
type APIKeyConf struct {
	APIKey         string `json:"Apikey"`
	TokenPlace     string `json:"tokenPlace"`
	HideCredential bool   `json:"hideCredential"`
	Remark         string `json:"remark"`
}

//OAuth2GlobalConf oauth2配置
type OAuth2GlobalConf struct {
	oauth2Conf
	Oauth2CredentialList []*oauth2Credential `json:"oauth2CredentialList"`
}

type oauth2Conf struct {
	Scopes                        []string `json:"scopes"`                        //scopes = { required = false, type = "array" },
	MandatoryScope                bool     `json:"mandatoryScope"`                //mandatory_scope = { required = true, type = "boolean", default = false, func = check_mandatory_scope },
	TokenExpiration               int      `json:"tokenExpiration"`               //token_expiration = { required = true, type = "number", default = 7200 },
	EnableAuthorizationCode       bool     `json:"enableAuthorizationCode"`       //enable_authorization_code = { required = true, type = "boolean", default = false },
	EnableImplicitGrant           bool     `json:"enableImplicitGrant"`           //enable_implicit_grant = { required = true, type = "boolean", default = false },
	EnableClientCredentials       bool     `json:"enableClientCredentials"`       //enable_client_credentials = { required = true, type = "boolean", default = false },
	HideCredentials               bool     `json:"hideCredentials"`               //hide_credentials = { type = "boolean", default = false },
	AcceptHTTPIfAlreadyTerminated bool     `json:"acceptHttpIfAlreadyTerminated"` //accept_http_if_already_terminated = { required = false, type = "boolean", default = false },
	RefreshTokenTTL               int      `json:"refreshTokenTTL"`               //refresh_token_ttl = {required = true, type = "number", default = 1209600} -- original hardcoded value - 14 days
}

type jwtCredential struct {
	ISS          string `json:"iss"`
	Secret       string `json:"secret"`
	RsaPublicKey string `json:"rsaPublicKey"`
	Algorithm    string `json:"algorithm"`
	Remark       string `json:"remark"`
}

type jwtConf struct {
	SignatureIsBase64 bool            `json:"signatureIsBase64"`
	ClaimsToVerify    []string        `json:"claimsToVerify"`
	RunOnPreflight    bool            `json:"runOnPreflight"`
	JwtCredentials    []jwtCredential `json:"jwtCredentials"`
	HideCredentials   bool            `json:"hideCredentials"`
}

type oauth2Credential struct {
	CredentialID string `json:"credentialID"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	RedirectURI  string `json:"redirectURI"`
	Remark       string `json:"remark"`
}

//AuthDao AuthDao
type AuthDao struct {
	db *sql.DB
}

//NewAuthDao new AuthDao
func NewAuthDao() *AuthDao {
	return &AuthDao{}
}

//Create create
func (d *AuthDao) Create(db *sql.DB) (interface{}, error) {

	d.db = db

	var i dao.AuthDao = d

	return &i, nil
}

//GetAuthStatus 获取认证状态
func (d *AuthDao) GetAuthStatus(strategyID string) (bool, map[string]interface{}, error) {
	db := d.db
	var basicStatus, apikeyStatus int
	sql := `SELECT CASE WHEN goku_plugin.pluginStatus = 0 THEN 0 ELSE goku_conn_plugin_strategy.pluginStatus END AS pluginStatus FROM goku_conn_plugin_strategy INNER JOIN goku_plugin ON goku_plugin.pluginName = goku_conn_plugin_strategy.pluginName WHERE goku_conn_plugin_strategy.pluginName = ? AND goku_conn_plugin_strategy.strategyID = ?;`
	db.QueryRow(sql, "goku-basic_auth", strategyID).Scan(&basicStatus)

	db.QueryRow(sql, "goku-apikey_auth", strategyID).Scan(&apikeyStatus)

	authInfo := map[string]interface{}{
		"basicAuthStatus": basicStatus,
		"apiKeyStatus":    apikeyStatus,
		"jwtStatus":       0,
		"oAuthStatus":     0,
	}
	return true, authInfo, nil
}

//GetAuthInfo 获取认证信息
func (d *AuthDao) GetAuthInfo(strategyID string) (bool, map[string]interface{}, error) {
	db := d.db
	var strategyName, auth string
	sql := "SELECT IFNULL(auth,''),strategyName FROM goku_gateway_strategy WHERE strategyID = ?;"
	err := db.QueryRow(sql, strategyID).Scan(&auth, &strategyName)
	if err != nil {
		return false, make(map[string]interface{}), err
	}
	basicAuthList := make([]basicAuthConf, 0)
	apiKeyList := make([]APIKeyConf, 0)

	var basicConfig, apiKeyConfig string
	sql = `SELECT pluginConfig FROM goku_conn_plugin_strategy WHERE pluginName = ? AND strategyID = ? AND pluginStatus = 1;`
	err = db.QueryRow(sql, "goku-basic_auth", strategyID).Scan(&basicConfig)
	if err == nil {
		if basicConfig != "" {
			json.Unmarshal([]byte(basicConfig), &basicAuthList)
			if err != nil {
				panic(err)
				return false, make(map[string]interface{}), err
			}
		}
	}
	err = db.QueryRow(sql, "goku-apikey_auth", strategyID).Scan(&apiKeyConfig)
	if err == nil {
		if apiKeyConfig != "" {
			err = json.Unmarshal([]byte(apiKeyConfig), &apiKeyList)
			if err != nil {
				panic(err)
				return false, make(map[string]interface{}), err
			}
		}
	}

	authInfo := map[string]interface{}{
		"strategyID":           strategyID,
		"strategyName":         strategyName,
		"auth":                 auth,
		"basicAuthList":        basicAuthList,
		"apiKeyList":           apiKeyList,
		"jwtCredentialList":    make([]interface{}, 0),
		"oauth2CredentialList": make([]interface{}, 0),
	}
	return true, authInfo, nil
}

//EditAuthInfo 编辑认证信息
func (d *AuthDao) EditAuthInfo(strategyID, strategyName, basicAuthList, apikeyList, jwtCredentialList, oauth2CredentialList string, delClientIDList []string) (bool, error) {
	db := d.db
	now := time.Now().Format("2006-01-02 15:04:05")
	sql := "UPDATE goku_gateway_strategy SET strategyName = ? WHERE strategyID = ?;"
	stmt, err := db.Prepare(sql)
	if err != nil {
		return false, err
	}
	defer stmt.Close()
	_, err = stmt.Exec(strategyName, strategyID)
	if err != nil {
		return false, err
	}
	// 设置basic信息
	Tx, _ := db.Begin()
	_, err = Tx.Exec("UPDATE goku_conn_plugin_strategy SET pluginConfig = ?,updateTime = ? WHERE strategyID = ? AND pluginName = ? AND pluginStatus = 1;", basicAuthList, now, strategyID, "goku-basic_auth")
	if err != nil {
		Tx.Rollback()
		return false, err
	}
	_, err = Tx.Exec("UPDATE goku_conn_plugin_strategy SET pluginConfig = ?,updateTime = ? WHERE strategyID = ? AND pluginName = ? AND pluginStatus = 1;", apikeyList, now, strategyID, "goku-apikey_auth")
	if err != nil {
		Tx.Rollback()
		return false, err
	}

	sql = "UPDATE goku_gateway_strategy SET updateTime = ? WHERE strategyID = ?;"
	_, err = Tx.Exec(sql, now, strategyID)
	if err != nil {
		Tx.Rollback()
		return false, err
	}
	err = Tx.Commit()
	if err != nil {
		info := err.Error()
		log.Info(info)
	}
	return true, nil
}