Skip to content
Snippets Groups Projects
Commit caac306f authored by 천 진강's avatar 천 진강
Browse files

feat: 어드민 권한 확인 로직 추가

parent cf23a243
Branches
No related tags found
4 merge requests!15Feat/certificate,!6Feat/forwarding 포트포워딩 CRUD,!5Feat/auth 어드민 권한 확인 로직, 개인 토큰 사용하도록 변경,!4feat: 어드민 권한 확인 로직 추가
......@@ -13,5 +13,5 @@ import java.util.List;
@Builder
public class LoginResponseDTO {
private Boolean isAdmin;
private List<ProjectIdAndNameDTO> lists;
private List<ProjectIdAndNameDTO> projects;
}
......@@ -38,15 +38,16 @@ public class AuthService {
String userId = user.get("id");
String token = user.get("token");
String systemToken = getSystemToken(userId, loginRequestDTO.getPassword());
if (userId == null || token == null) {
throw new CustomException(ErrorCode.INVALID_USER_INFO);
}
response.addHeader("X-Subject-Token", token);
response.addHeader("X-Subject-Token", systemToken != null ? systemToken : token);
return LoginResponseDTO.builder()
.isAdmin(false)
.lists(getProjectsWithUser(user))
.isAdmin(systemToken != null)
.projects(getProjectsWithUser(user))
.build();
}
......@@ -88,6 +89,50 @@ public class AuthService {
"token", token);
}
private String getSystemToken(String id, String password) {
String url = keystone + "/auth/tokens";
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
String requestBody = "{\n" +
" \"auth\": {\n" +
" \"identity\": {\n" +
" \"methods\": [\n" +
" \"password\"\n" +
" ],\n" +
" \"password\": {\n" +
" \"user\": {\n" +
" \"id\": \"" + id + "\",\n" +
" \"password\": \"" + password + "\"\n" +
" }\n" +
" }\n" +
" },\n" +
" \"scope\": {\n" +
" \"system\": {\n" +
" \"all\": true\n" +
" }\n" +
" }\n" +
" }\n" +
"}";
HttpEntity<String> requestEntity;
ResponseEntity<Map> res;
try {
requestEntity = new HttpEntity<>(requestBody, headers);
res = restTemplate.postForEntity(url, requestEntity, Map.class);
} catch (RuntimeException e) {
return null;
}
Map<String, Object> resToken = (Map<String, Object>) res.getBody().get("token");
Map<String, Object> resUser = (Map<String, Object>) resToken.get("user");
String userId = (String) resUser.get("id");
String token = res.getHeaders().getFirst("X-Subject-Token");
return token;
}
// 특정 사용자의 특정 프로젝트 내 최고 권한 반환
public Map<String, String> getBestRoleWithinProject(String token, String projectId) throws JsonProcessingException {
return getBestRoleWithinProject(Map.of(
......@@ -107,7 +152,7 @@ public class AuthService {
String url = keystone + "/role_assignments?user.id=" + userId + "&effective&include_names=true&scope.project.id=" + projectId;
HttpHeaders headers = new HttpHeaders();
headers.set("X-Auth-Token", getAdminToken());
headers.set("X-Auth-Token", token);
HttpEntity<String> requestEntity = new HttpEntity<>(headers);
ResponseEntity<String> res = restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
......@@ -151,7 +196,7 @@ public class AuthService {
String url = keystone + "/users/" + userId + "/projects";
HttpHeaders headers = new HttpHeaders();
headers.set("X-Auth-Token", getAdminToken());
headers.set("X-Auth-Token", token);
HttpEntity<String> requestEntity = new HttpEntity<>(headers);
ResponseEntity<String> res = restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
......@@ -172,7 +217,7 @@ public class AuthService {
private String validateTokenAndGetUserId(String token) throws JsonProcessingException {
String url = keystone + "/auth/tokens";
HttpHeaders headers = new HttpHeaders();
headers.set("X-Auth-Token", getAdminToken());
headers.set("X-Auth-Token", token);
headers.set("X-Subject-Token", token);
HttpEntity<String> requestEntity = new HttpEntity<>(headers);
ResponseEntity<String> res;
......@@ -184,4 +229,30 @@ public class AuthService {
return objectMapper.readTree(res.getBody()).path("token").path("user").path("id").asText();
}
private Boolean isAdmin(Map<String, String> user) throws JsonProcessingException {
String url = keystone + "/role_assignments?user.id=" + user.get("id") + "&scope.system&include_names";
HttpHeaders headers = new HttpHeaders();
headers.set("X-Auth-Token", user.get("token"));
HttpEntity<String> requestEntity = new HttpEntity<>(headers);
ResponseEntity<String> res;
try {
res = restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
} catch (RuntimeException e) {
e.printStackTrace();
System.out.println("runtime");
return false;
}
JsonNode node = objectMapper.readTree(res.getBody()).path("role_assignments");
String system_all = node.path("scope").path("system").path("all").asText();
String role = node.path("role").path("name").asText();
System.out.println("role: " + role);
if (system_all.equals("true") && role.equals("admin")) {
System.out.println(system_all);
return true;
}
System.out.println("hi");
return false;
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment