fusen/fusenapi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of gitee.com:fusenpack/fusenapi into develop

Browse Source
This commit is contained in:
momo 2023-11-21 11:45:17 +08:00
commit 6d748f3dda
21 changed files with 475 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
server/ldap-admin/internal/handler/getldapusershandler.go Normal file
View File

@ -0,0 +1,35 @@
package handler
import (
"net/http"
"reflect"
"fusenapi/utils/basic"
"fusenapi/server/ldap-admin/internal/logic"
"fusenapi/server/ldap-admin/internal/svc"
"fusenapi/server/ldap-admin/internal/types"
)
func GetLdapUsersHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var req types.GetLdapUsersReq
userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
if err != nil {
return
}
// 创建一个业务逻辑层实例
l := logic.NewGetLdapUsersLogic(r.Context(), svcCtx)
rl := reflect.ValueOf(l)
basic.BeforeLogic(w, r, rl)
resp := l.GetLdapUsers(&req, userinfo)
if !basic.AfterLogic(w, r, rl, resp) {
basic.NormalAfterLogic(w, r, resp)
}
}
}

5
server/ldap-admin/internal/handler/routes.go
View File

@ -142,6 +142,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
Path: "/api/ldap-admin/create_ldap_user_base_group",
Handler: CreateLdapUserBaseGroupHandler(serverCtx),
},
{
Method: http.MethodGet,
Path: "/api/ldap-admin/get_ldap_users",
Handler: GetLdapUsersHandler(serverCtx),
},
},
)
}

2
server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
View File

@ -46,7 +46,7 @@ func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.Ad
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
err := ldapServer.AddUserToOrganization(req.OrganizationDN, req.UserDN)
if err != nil {
logx.Error(err)

2
server/ldap-admin/internal/logic/createldaporganizationlogic.go
View File

@ -52,7 +52,7 @@ func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLd
}
//组装organization dn
organizationDN := "ou=" + req.OrganizationEnName + "," + req.ParentOrganizationDN
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
err := ldapServer.Create(organizationDN, map[string][]string{
"objectClass": {"top", "groupOfUniqueNames"},
"cn": {req.OrganizationEnName},

2
server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go
View File

@ -32,7 +32,7 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon
// }
func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, userinfo *auth.UserInfo) (resp *basic.Response) {
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{
"objectClass": {"top", "organizationalUnit"},
"ou": {"FusenTeam"},

29
server/ldap-admin/internal/logic/createldapuserlogic.go
View File

@ -42,6 +42,9 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri
req.Mobile = strings.Trim(req.Mobile, " ")
req.Email = strings.Trim(req.Email, " ")
req.Password = strings.Trim(req.Password, " ")
if req.GroupId < 0 {
req.GroupId = 0
}
if req.UserName == "" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户名不能为空")
}
@ -51,7 +54,7 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri
if !email.IsEmailValid(req.Email) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,邮箱格式不正确")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
//把用户名转pinyin
userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName)
//新增一条记录获取递增用户id
@ -74,18 +77,18 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri
"shadowWarning": {"7"}, //固有属性
"loginShell": {"/usr/sbin/nologin"}, //固有属性
"homeDirectory": {"/home/users/" + userNamePinyin},
"employeeType": {fmt.Sprintf("%d", req.EmployeeType)}, //1正式 2实习 3外包
"uidNumber": {fmt.Sprintf("%d", userData.Id)},
"gidNumber": {fmt.Sprintf("%d", userData.Id)},
"uid": {userNamePinyin},
"cn": {req.Email},
"sn": {req.UserName},
"mail": {req.Email},
"postalCode": {fmt.Sprintf("%d", req.Status)},
"departmentNumber": {"0"},
"postalAddress": {req.Avatar},
"mobile": {req.Mobile},
"userPassword": {"{crypt}" + pwd},
"employeeType": {fmt.Sprintf("%d", req.EmployeeType)}, //员工类型:1正式 2实习 3外包
"uidNumber": {fmt.Sprintf("%d", userData.Id)}, //用户id
"gidNumber": {fmt.Sprintf("%d", userData.Id)}, //用户id
"uid": {userNamePinyin}, //用户名(拼音)
"cn": {req.Email}, //邮箱
"sn": {req.UserName}, //用户名
"mail": {req.Email}, //邮箱
"postalCode": {fmt.Sprintf("%d", req.Status)}, //状态
"departmentNumber": {fmt.Sprintf("%d", req.GroupId)}, //权限分组id
"postalAddress": {req.Avatar}, //头像
"mobile": {req.Mobile}, //手机号
"userPassword": {"{crypt}" + pwd}, //密码
}); err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加用户失败,"+err.Error())

2
server/ldap-admin/internal/logic/deleteldaporganizationlogic.go
View File

@ -37,7 +37,7 @@ func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLd
if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的组织DN")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if err := ldapServer.Delete(req.OrganizationDN); err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "删除ldap组织失败,"+err.Error())

2
server/ldap-admin/internal/logic/deleteldapuserlogic.go
View File

@ -37,7 +37,7 @@ func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, useri
if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的用户DN")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
err := ldapServer.Update(req.UserDN, map[string][]string{
"postalCode": {"0"},
})

70
server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
View File

@ -6,7 +6,6 @@ import (
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"github.com/go-ldap/ldap/v3"
"strconv"
"strings"
"context"
@ -41,7 +40,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN")
}
//先获取组织成员
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
//获取跟用户dn筛选排除该用户
rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",")
if len(rootDNSlice) == 0 {
@ -84,63 +83,28 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
//从新赋值filter
filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))"
//从用户基本组中找到员工
result, err = ldapServer.Search(l.svcCtx.Config.Ldap.PeopleGroupDN, ldap.ScopeWholeSubtree, filter, nil, nil)
userList, err := ldapServer.GetLdapBaseTeamUsersByParams(filter)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
}
userList := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
for _, entry := range result.Entries {
user := types.GetLdapOrganizationMembersItem{
UserDN: entry.DN,
}
canAppend := true
for _, attr := range entry.Attributes {
switch attr.Name {
case "uidNumber": //用户id
if len(attr.Values) == 0 {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id不存在")
}
user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id转数字失败")
}
case "sn": //用户真名
user.UserName = strings.Join(attr.Values, "")
case "mail": //邮箱
user.Email = strings.Join(attr.Values, "")
case "mobile": //手机号
user.Mobile = strings.Join(attr.Values, "")
case "postalAddress": //头像
user.Avatar = strings.Join(attr.Values, "")
case "postalCode": //状态
if len(attr.Values) == 0 {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态不存在")
}
user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态转数字失败")
}
//无效员工就不要显示了
if user.Status != 1 {
//从该组中移除该成员
if err = ldapServer.RemoveUserFromOrganization(req.OrganizationDN, entry.DN); err != nil {
logx.Error("移除组中离职成员失败,", err.Error())
}
canAppend = false //要移除的成员就不要显示了
break
}
}
}
//添加列表
if canAppend {
userList = append(userList, user)
}
list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
for _, user := range userList {
list = append(list, types.GetLdapOrganizationMembersItem{
UserId: user.UserId,
UserDN: user.UserDN,
UserName: user.UserName,
Email: user.Email,
Mobile: user.Mobile,
Avatar: user.Avatar,
EmployeeType: user.EmployeeType,
Status: user.Status,
CreateTime: user.CreateTime.Format("2006-01-02 15:04:05"),
UpdateTime: user.UpdateTime.Format("2006-01-02 15:04:05"),
})
}
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: userList,
List: list,
})
}

2
server/ldap-admin/internal/logic/getldaporganizationslogic.go
View File

@ -48,7 +48,7 @@ func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, use
if len(rootCn) == 0 {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "root用户DN未设置")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
peopleDNSlice := strings.Split(l.svcCtx.Config.Ldap.PeopleGroupDN, ",")
if len(peopleDNSlice) <= 1 {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "基础用户组的DN未配置")

4
server/ldap-admin/internal/logic/getldapuserinfologic.go
View File

@ -39,7 +39,7 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
user, err := ldapServer.GetLdapUserInfo(req.UserDN)
if err != nil {
logx.Error(err)
@ -54,6 +54,8 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
Avatar: user.Avatar,
Status: user.Status,
EmployeeTpye: user.EmployeeType,
CreateTime: user.CreateTime.Format("2006-01-02 15:04:05"),
UpdateTime: user.UpdateTime.Format("2006-01-02 15:04:05"),
})
}

68
server/ldap-admin/internal/logic/getldapuserslogic.go Normal file
View File

@ -0,0 +1,68 @@
package logic
import (
"fusenapi/utils/auth"
"fusenapi/utils/basic"
"fusenapi/utils/ldap_lib"
"strings"
"context"
"fusenapi/server/ldap-admin/internal/svc"
"fusenapi/server/ldap-admin/internal/types"
"github.com/zeromicro/go-zero/core/logx"
)
type GetLdapUsersLogic struct {
logx.Logger
ctx context.Context
svcCtx *svc.ServiceContext
}
func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetLdapUsersLogic {
return &GetLdapUsersLogic{
Logger: logx.WithContext(ctx),
ctx: ctx,
svcCtx: svcCtx,
}
}
// 处理进入前逻辑w,r
// func (l *GetLdapUsersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
// }
func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, userinfo *auth.UserInfo) (resp *basic.Response) {
req.PageCookie = strings.Trim(req.PageCookie, " ")
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
pageSize := uint32(20)
list, cookie, err := ldapServer.GetLdapBaseTeamUserList(pageSize, req.PageCookie)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询用户列表报错,"+err.Error())
}
rspList := make([]types.GetLdapUsersItem, 0, len(list))
for _, v := range list {
rspList = append(rspList, types.GetLdapUsersItem{
UserId: v.UserId,
UserDN: v.UserDN,
UserName: v.UserName,
Email: v.Email,
Mobile: v.Mobile,
Avatar: v.Avatar,
EmployeeType: v.EmployeeType,
Status: v.Status,
CreateTime: v.CreateTime.Format("2006-01-02 15:04:05"),
UpdateTime: v.UpdateTime.Format("2006-01-02 15:04:05"),
})
}
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapUsersRsp{
List: rspList,
PagingCookie: cookie,
})
}
// 处理逻辑后 w,r 如:重定向, resp 必须重新处理
// func (l *GetLdapUsersLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) {
// // httpx.OkJsonCtx(r.Context(), w, resp)
// }

2
server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
View File

@ -46,7 +46,7 @@ func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *ty
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
err := ldapServer.RemoveUserFromOrganization(req.OrganizationDN, req.UserDN)
if err != nil {
logx.Error(err)

2
server/ldap-admin/internal/logic/updateldaporganizationlogic.go
View File

@ -40,7 +40,7 @@ func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLd
if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的组织DN")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
if err := ldapServer.Update(req.OrganizationDN, map[string][]string{
"businessCategory": {req.BusinessCategory},
}); err != nil {

6
server/ldap-admin/internal/logic/updateldapuserlogic.go
View File

@ -40,7 +40,7 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
req.Mobile = strings.Trim(req.Mobile, " ")
req.Avatar = strings.Trim(req.Avatar, " ")
req.UserName = strings.Trim(req.UserName, " ")
if req.AuthGroupId < 0 {
if req.GroupId < 0 {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误无效的用户权限组id")
}
if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
@ -52,11 +52,11 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
}
//把用户名转pinyin
userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
//更新的属性
attr := map[string][]string{
"homeDirectory": {"/home/users/" + userNamePinyin},
"departmentNumber": {fmt.Sprintf("%d", req.AuthGroupId)},
"departmentNumber": {fmt.Sprintf("%d", req.GroupId)},
"sn": {req.UserName},
"uid": {userNamePinyin},
"mobile": {req.Mobile},

22
server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
View File

@ -48,22 +48,24 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR
if !email.IsEmailValid(cnEmail) {
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
}
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
//查询个人信息
user, err := ldapServer.GetLdapUserInfo(req.UserDN)
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
}
//解密旧的密码
oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
}
//验证旧的密码
if oldPwd != req.OldPassword {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对,请重新尝试")
if len(user.Password) > 7 && user.Password[:7] == "{crypt}" {
//解密旧的密码
oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
if err != nil {
logx.Error(err)
return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
}
//验证旧的密码
if oldPwd != req.OldPassword {
return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对,请重新尝试")
}
}
//加密新的密码
newPwd, err := encryption_decryption.CBCEncrypt(req.NewPassword)

56
server/ldap-admin/internal/types/types.go
View File

@ -92,11 +92,11 @@ type GetMenuDetailRsp struct {
}
type GetMenusReq struct {
CurrentPage int `form:"current_page"`
Name string `form:"name"`
Title string `form:"title"`
Path string `form:"path"`
ParentId *int64 `form:"parent_id"`
CurrentPage int `form:"current_page,optional"`
Name string `form:"name,optional"`
Title string `form:"title,optional"`
Path string `form:"path,optional"`
ParentId *int64 `form:"parent_id,optional"`
}
type GetMenusRsp struct {
@ -137,6 +137,7 @@ type CreateLdapUserReq struct {
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type,options=1|2|3"` //1正式 2实习 3外包
GroupId int64 `json:"group_id,optional"` //分组id
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
}
@ -147,7 +148,7 @@ type UpdateLdapUserReq struct {
Avatar string `json:"avatar,optional"` //头像地址
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
EmployeeType int64 `json:"employee_type,options=1|2|3"` //1正式 2实习 3外包
AuthGroupId int64 `json:"auth_group_id,optional"` //权限分组id
GroupId int64 `json:"group_id,optional"` //权限分组id
}
type UpdateLdapUserPwdReq struct {
@ -165,7 +166,7 @@ type GetLdapUserInfoReq struct {
}
type GetLdapUserInfoRsp struct {
UserId int64 `json:"userId"`
UserId int64 `json:"user_id"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
@ -173,6 +174,8 @@ type GetLdapUserInfoRsp struct {
Avatar string `json:"avatar"` //头像地址
EmployeeTpye int64 `json:"employee_tpye"` //雇佣类型 1正式 2实习 3外包
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime string `json:"create_time"`
UpdateTime string `json:"update_time"`
}
type AddLdapOrganizationMemberReq struct {
@ -194,13 +197,38 @@ type GetLdapOrganizationMembersRsp struct {
}
type GetLdapOrganizationMembersItem struct {
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type"`
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime string `json:"create_time"`
UpdateTime string `json:"update_time"`
}
type GetLdapUsersReq struct {
PageCookie string `form:"page_cookie,optional"` //下一页分页游标,传空/不传就是第一页
}
type GetLdapUsersRsp struct {
List []GetLdapUsersItem `json:"list"`
PagingCookie string `json:"paging_cookie"`
}
type GetLdapUsersItem struct {
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type"`
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime string `json:"create_time"`
UpdateTime string `json:"update_time"`
}
type Request struct {

57
server_api/ldap-admin.api
View File

@ -89,6 +89,9 @@ service ldap-admin {
//创建用户基础组
@handler CreateLdapUserBaseGroupHandler
post /api/ldap-admin/create_ldap_user_base_group(request) returns (response);
//获取基础用户组中成员列表
@handler GetLdapUsersHandler
get /api/ldap-admin/get_ldap_users(GetLdapUsersReq) returns (response);
}
type (
@ -175,11 +178,11 @@ type GetMenuDetailRsp {
}
//获取菜单列表
type GetMenusReq {
CurrentPage int `form:"current_page"`
Name string `form:"name"`
Title string `form:"title"`
Path string `form:"path"`
ParentId *int64 `form:"parent_id"`
CurrentPage int `form:"current_page,optional"`
Name string `form:"name,optional"`
Title string `form:"title,optional"`
Path string `form:"path,optional"`
ParentId *int64 `form:"parent_id,optional"`
}
type GetMenusRsp {
List []MenuItem `json:"list"`
@ -218,6 +221,7 @@ type CreateLdapUserReq {
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type,options=1|2|3"` //1正式 2实习 3外包
GroupId int64 `json:"group_id,optional"` //分组id
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
}
//修改ldap用户信息
@ -228,7 +232,7 @@ type UpdateLdapUserReq {
Avatar string `json:"avatar,optional"` //头像地址
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
EmployeeType int64 `json:"employee_type,options=1|2|3"` //1正式 2实习 3外包
AuthGroupId int64 `json:"auth_group_id,optional"` //权限分组id
GroupId int64 `json:"group_id,optional"` //权限分组id
}
//修改用户密码
type UpdateLdapUserPwdReq {
@ -245,7 +249,7 @@ type GetLdapUserInfoReq {
UserDN string `form:"user_dn"` //用户dn
}
type GetLdapUserInfoRsp {
UserId int64 `json:"userId"`
UserId int64 `json:"user_id"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
@ -253,6 +257,8 @@ type GetLdapUserInfoRsp {
Avatar string `json:"avatar"` //头像地址
EmployeeTpye int64 `json:"employee_tpye"` //雇佣类型 1正式 2实习 3外包
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime string `json:"create_time"`
UpdateTime string `json:"update_time"`
}
//ldap组织添加成员
type AddLdapOrganizationMemberReq {
@ -272,11 +278,34 @@ type GetLdapOrganizationMembersRsp {
List []GetLdapOrganizationMembersItem `json:"list"`
}
type GetLdapOrganizationMembersItem {
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type"`
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime string `json:"create_time"`
UpdateTime string `json:"update_time"`
}
//获取基础用户组中成员列表
type GetLdapUsersReq {
PageCookie string `form:"page_cookie,optional"` //下一页分页游标,传空/不传就是第一页
}
type GetLdapUsersRsp {
List []GetLdapUsersItem `json:"list"`
PagingCookie string `json:"paging_cookie"`
}
type GetLdapUsersItem {
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type"`
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime string `json:"create_time"`
UpdateTime string `json:"update_time"`
}

46
utils/ldap_lib/ldap_group.go
View File

@ -8,16 +8,18 @@ import (
)
type Ldap struct {
baseDN string
rootDN string
conn *ldap.Conn
baseDN string
rootDN string
conn *ldap.Conn
peopleGroupDN string
}
func NewLdap(conn *ldap.Conn, baseDN, rootDN string) *Ldap {
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN string) *Ldap {
return &Ldap{
baseDN: baseDN,
rootDN: rootDN,
conn: conn,
baseDN: baseDN,
rootDN: rootDN,
conn: conn,
peopleGroupDN: peopleGroupDN,
}
}
@ -74,6 +76,36 @@ func (l *Ldap) Search(DN string, scope int, filter string, attr []string, contro
return l.conn.Search(searchRequest)
}
// 分页查询资源(分组/用户)
func (l *Ldap) SearchWithPaging(DN string, scope int, filter string, attr []string, pageSize uint32, pagingCookie string) (resp *ldap.SearchResult, err error) {
if DN == l.rootDN {
return nil, errors.New("没有权限查询根用户")
}
if filter == "" {
rootCn := strings.Split(l.rootDN, ",")
if len(rootCn) == 0 {
return nil, errors.New("root用户DN未设置")
}
filter = "(&(objectClass=*)(!(" + rootCn[0] + ")))"
}
searchRequest := ldap.NewSearchRequest(
DN,
scope, ldap.NeverDerefAliases, 0, 0, false,
filter,
attr,
nil,
)
pagingCtl := ldap.NewControlPaging(pageSize)
pagingCtl.SetCookie([]byte(pagingCookie))
searchRequest.Controls = []ldap.Control{
pagingCtl,
}
// 执行搜索请求
return l.conn.Search(searchRequest)
}
//*********************************************************************************************
// AddUserToGroup 添加用户到组织
func (l *Ldap) AddUserToOrganization(organizationDN, userDN string) error {
modify := ldap.NewModifyRequest(organizationDN, nil)

10
utils/ldap_lib/ldap_time_format.go Normal file
View File

@ -0,0 +1,10 @@
package ldap_lib
import (
"time"
)
func LdapTimeToTime(timeStr string) (time.Time, error) {
// 将时间字符串转换为时间
return time.Parse("20060102150405Z", timeStr)
}

194
utils/ldap_lib/ldap_user.go
View File

@ -1,26 +1,30 @@
package ldap_lib
import (
"encoding/hex"
"errors"
"github.com/go-ldap/ldap/v3"
"github.com/zeromicro/go-zero/core/logx"
"strconv"
"strings"
"time"
)
type GetLdapUserInfoRsp struct {
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Password string `json:"password"` //密码
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type"` //1正式 2实习 3外包
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
type LdapUserInfo struct {
UserId int64 `json:"userId"`
UserDN string `json:"user_dn"`
UserName string `json:"user_name"` //用户名
Password string `json:"password"` //密码
Email string `json:"email"` //邮箱
Mobile string `json:"mobile"` //手机号
Avatar string `json:"avatar"` //头像地址
EmployeeType int64 `json:"employee_type"` //1正式 2实习 3外包
Status int64 `json:"status,options=0|1"` //状态 1正常0离职
CreateTime time.Time `json:"create_time"`
UpdateTime time.Time `json:"update_time"`
}
func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
// 获取用户详情
func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) {
res, err := l.Search(userDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil)
if err != nil {
return nil, err
@ -28,7 +32,7 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
if len(res.Entries) != 1 {
return nil, errors.New("查询到不到用户信息")
}
user := &GetLdapUserInfoRsp{}
user := &LdapUserInfo{}
for _, entry := range res.Entries {
if entry.DN != userDN {
continue
@ -38,12 +42,11 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
switch attr.Name {
case "uidNumber": //用户id
if len(attr.Values) == 0 {
continue
return nil, errors.New("用户id不存在")
}
user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
logx.Error(err)
return nil, errors.New("用户id转数字失败")
return nil, err
}
case "sn": //用户真名
user.UserName = strings.Join(attr.Values, "")
@ -57,19 +60,29 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
user.Password = strings.Join(attr.Values, ",")
case "employeeType": //员工类型
if len(attr.Values) == 0 {
continue
return nil, errors.New("用户类型不存在")
}
user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, errors.New("用户类型转数字失败")
return nil, err
}
case "postalCode": //状态
if len(attr.Values) == 0 {
continue
return nil, errors.New("用户状态不存在")
}
user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, errors.New("用户状态转数字失败")
return nil, err
}
case "createTimestamp":
user.CreateTime, err = LdapTimeToTime(attr.Values[0])
if err != nil {
return nil, err
}
case "modifyTimestamp":
user.UpdateTime, err = LdapTimeToTime(attr.Values[0])
if err != nil {
return nil, err
}
}
}
@ -80,3 +93,144 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
}
return user, nil
}
// 获取基础组用户列表
func (l *Ldap) GetLdapBaseTeamUserList(pageSize uint32, pageCookie string) ([]LdapUserInfo, string, error) {
pageCookieBytes, err := hex.DecodeString(pageCookie)
if err != nil {
return nil, "", err
}
result, err := l.SearchWithPaging(l.peopleGroupDN, ldap.ScopeWholeSubtree, "(objectClass=person)", nil, pageSize, string(pageCookieBytes))
if err != nil {
return nil, "", err
}
list := make([]LdapUserInfo, 0, pageSize)
for _, entry := range result.Entries {
user := LdapUserInfo{
UserDN: entry.DN,
}
for _, attr := range entry.Attributes {
switch attr.Name {
case "uidNumber": //用户id
if len(attr.Values) == 0 {
return nil, "", errors.New("用户id不存在")
}
user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, "", err
}
case "sn": //用户真名
user.UserName = strings.Join(attr.Values, "")
case "mail": //邮箱
user.Email = strings.Join(attr.Values, "")
case "mobile": //手机号
user.Mobile = strings.Join(attr.Values, "")
case "postalAddress": //头像
user.Avatar = strings.Join(attr.Values, "")
case "userPassword": //密码
user.Password = strings.Join(attr.Values, ",")
case "employeeType": //员工类型
if len(attr.Values) == 0 {
return nil, "", errors.New("用户类型不存在")
}
user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, "", err
}
case "postalCode": //状态
if len(attr.Values) == 0 {
return nil, "", errors.New("用户状态不存在")
}
user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, "", err
}
case "createTimestamp":
user.CreateTime, err = LdapTimeToTime(attr.Values[0])
if err != nil {
return nil, "", err
}
case "modifyTimestamp":
user.UpdateTime, err = LdapTimeToTime(attr.Values[0])
if err != nil {
return nil, "", err
}
}
}
list = append(list, user)
}
rspCookie := ""
// 检查是否还有更多条目需要获取
controls := result.Controls
if len(controls) > 0 {
cookieControl := controls[0]
if control, ok := cookieControl.(*ldap.ControlPaging); ok {
rspCookie = hex.EncodeToString(control.Cookie)
}
}
return list, rspCookie, nil
}
// 从基础用户组中获取指定一批用户
func (l *Ldap) GetLdapBaseTeamUsersByParams(filter string) ([]LdapUserInfo, error) {
result, err := l.Search(l.peopleGroupDN, ldap.ScopeWholeSubtree, filter, nil, nil)
if err != nil {
return nil, err
}
list := make([]LdapUserInfo, 0, len(result.Entries))
for _, entry := range result.Entries {
user := LdapUserInfo{
UserDN: entry.DN,
}
for _, attr := range entry.Attributes {
switch attr.Name {
case "uidNumber": //用户id
if len(attr.Values) == 0 {
return nil, errors.New("用户id不存在")
}
user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, err
}
case "sn": //用户真名
user.UserName = strings.Join(attr.Values, "")
case "mail": //邮箱
user.Email = strings.Join(attr.Values, "")
case "mobile": //手机号
user.Mobile = strings.Join(attr.Values, "")
case "postalAddress": //头像
user.Avatar = strings.Join(attr.Values, "")
case "userPassword": //密码
user.Password = strings.Join(attr.Values, ",")
case "employeeType": //员工类型
if len(attr.Values) == 0 {
return nil, errors.New("用户类型不存在")
}
user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, err
}
case "postalCode": //状态
if len(attr.Values) == 0 {
return nil, errors.New("用户状态不存在")
}
user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, err
}
case "createTimestamp":
user.CreateTime, err = LdapTimeToTime(attr.Values[0])
if err != nil {
return nil, err
}
case "modifyTimestamp":
user.UpdateTime, err = LdapTimeToTime(attr.Values[0])
if err != nil {
return nil, err
}
}
}
list = append(list, user)
}
return list, nil
}