dapi/dapi.py

@@ -1,183 +1,81 @@
-from traceback import format_exc
+
-from appPublic.log import debug, exception, info
-from appPublic.timeUtils import curDateString
-from uniqueID import getID
 from time import time
-from ahserver.serverenv import ServerEnv
-from ahserver.auth_api import get_session_userinfo, user_login
-from sqlor.dbpools import DBPools
-form rbac.check_perm improt create_org, create_user
-
 from appPublic.aes import aes_encrypt_ecb, aes_decrypt_ecb
-
+from appPublic.timeUtils import curDateString
-return_messages = {
+from sqlor.dbpools import DBPools
-	-9: '用户同步：未知未知错误',
+from ahserver.serverenv import get_serverenv
-	-4: '用户同步：添加用户apikey失败',
+from ahserver.auth_api import get_session_userinfo
-	-3: '用户同步：添加用户失败',
-	-2: '用户同步：添加机构失败',
-	-1: '用户同步：用户已同步'
-}
 
 def get_dbname():
-	dbname = get_serverenv('get_module_dbname')('dapi')
+	f = get_serverenv('get_module_dbname')
-	return dbname
+	if f:
-
+		return f('dapi')
-async def get_secretkey(sor, appid):
-	recs = await sor.R('downapp', {'id':appid})
-	if len(recs) < 1:
-		return None
-	secretkey = recs[0].secretkey
-	f = get_serverenv('password_decode')
-	return f(secret_key).encode('utf-8')
-
-async def get_apikey_user(sor, apikey):
-	f = get_serverenv('password_encode')
-	apikey = f(apikey)
-    sql = """select u.* from downapikey a, users u 
-where a.userid = b.id 
-	and apikey=${apikey}$ 
-	and expired_date > ${today}$"""
-
-    recs = await sor.sqlExe(sql, {"apikey":apikey, 'today': curDateString()})
-    if len(recs) < 1:
-        return None
-    return recs[0]
-
-async def bearer_auth(auth):
-	if not auth.startswith('Bearer '):
-		return None
-    apikey = auth[7:]
-
-    if apikey is None:
-        return None
-	db = DBPools()
-	dbname = get_dbname()
-	async with db.sqlorContext(dbname) as sor:
-		user = await get_apikey_user(sor, apikey)
-		await user_login(user.id, username=user.username, userorgid=user.orgid)
-		return user.id
 	return None
 
-async def deerer_auth(auth):
+def build_manisdata(appid, apikey, secretkey):
-	if not auth.startswith('Deerer '):
+	"""
-		return None
+	this appid is isusses by upapp we connect to,
-	deer_data = auth[7:]
+	secretkey is with the appid, is s fixed key from upapp
-	appid, cyber = bear_data.split('-:-')
+	apikey is user's apikey assigned by upapp when the users is synchronous to upapp
-	db = DBPools()
+	"""
-	dbname = get_dbname()
+	t = time()
-	async with db.sqlorContext(dbname) as sor:
+	txt = f'{t}:{apikey}
-		secretkey = await get_secretkey(sor, appid)
+	cyber = aes_encrypt_ecb(secretkey, txt)
-		txt = aes_decrypt_ecb(secretkey, cyber)
+	return f'Manis {appid}-:-{cyber}'
-		t, apikey = txt.split(':')
-		user = await get_apikey_user(apikey)
-		await user_login(user.id, username=user.username, userorgid=user.orgid)
-		return user.id
 	
-	return None
+def build_dearerdata(apikey):
+	return f'Dearer {apikey}'
 
-def return_error(code):
+async def get_apikeys(sor, appid, orgid, userid):
-	return {
+	ns = {
-		'status':'error',
+		'appid':appid,
-		'errcode': code,
-		'errmsg': return_messages.get(code, '未定义信息')
-	}
-
-def return_success(data):
-	return {
-		'status':'success',
-		'data':data
-	}
-
-async def get_orgid_by_dorgid(sor, dappid, dorgid):
-	d = {
-		'dappid':dappid,
-		'dorgid':dorgid
-	}
-	recs = await sor.R('downapikey', d)
-	if len(recs) < 1:
-		return None
-	return recs[0].orgid
-
-async def check_duserid_exists(sor, dappid, dorgid, duserid):
-	d = {
-		'dappid': dappid,
-		'duserid': duserid,
-		'dorgid': dorgid
-	}
-	recs = await sor.R('kwdownapikey', d)
-	if len(recs):
-		return True
-	return False
-
-async def add_organzation(sor, dappid, org):
-	id = getID()
-	org['id'] = id
-	await create_org(sor, org)
-	return id
-
-async def add_user(sor, user):
-	id = getID()
-	user['id'] = id
-	await create_user(sor, user, roles=user['roles']
-	return id
-	
-async def add_apikey(sor, dappid, dorgid, duserid, orgid, userid):
-	apikey = getID()
-	d = {
-		'id': getID,
-		'dappid': dappid, 
-		'dorgid': dorgid,
-		'duserid': duserid,
 		'orgid':orgid,
 		'userid':userid,
-		'apikey': id,
+		'today':curDateString()
-		'enabled': '1',
-		'created_at': curDateString(),
-		'expires_at': '9999-12-31'
 	}
-	await sor.C('downapikey', d)
+	sql = """select a.myid, b.apikey, b.secretkey from upapp a, upapikey b
-	return apikey
+where a.upappid = ${appid}$
+	and b.userid = ${userid}$
+	and b.orgid = ${orgid}$
+	and b.expired_date > ${today}$
+	and b.enabled_date <= ${today}$"""
+	recs = await sor.sqlExe(sql, ns)
+	if len(recs) > 0:
+		r = recs[0]
+		return r
+	return r
 
-async def sync_user(request, params_kw, *args, **kw):
+async def sync_users(request, upappid, orgid):
-	dappid = params_kw.dappid
 	db = DBPools()
 	dbname = get_dbname()
-	userinfo = await get_session_userinfo(request)
 	async with db.sqlorContext(dbname) as sor:
-		ret_users = []
+		upapp = await get_upapp(sor, upappid)
-		roles = [{
+
-			'orgtypeid': 'customer',
+async def dearer_header(request, appid):
-			'roles': [ 'customer', 'syncuser' ]
+	db = DBPools()
-		}]
+	dbname = get_dbname()
-		for o in  params_kw.organizations:
+	async with db.sqlorContext(dbname) as sor:
-			for u in o['users']:
+		u = await get_session_userinfo(request)
-				dorgid = o['id']
+		r  = await get_apikeys(sor, appid, u.userorgid, u.userid)
-				duserid = u['id']
+		if r is None:
-				orgid = await get_orgid_by_dorgid(sor, dappid, dorgid)
+			return None
-				if orgid is None:
+		dearer = build_dearerdata(r.apikey)
-					if o.get('parentid') is None:
+		return {
-						o['parentid'] = userinfo.userorgid
+			"Authorization": dearer
-					else:
+		}
-						nparentid = await get_orgid_by_dorgid(sor, dappid, o.get('parentid'))
+	return {}
-						o['parentid'] = nparentid
+	
-					orgid = await add_organzation(sor, dappid, o)
+async def manis_header(request, appid):
-					if orgid is None:
+	db = DBPools()
-						return return_error(-2)
+	dbname = get_dbname()
-				u['orgid'] = o['id']
+	async with db.sqlorContext(dbname) as sor:
-				u['roles'] = roles
+		u = await get_session_userinfo(request)
-				exists = check_duserid_exists(sor, dappid, dorgid, duserid)
+		r  = await get_apikeys(sor, appid, u.userorgid, u.userid)
-				if exists:
+		if r is None:
-					return return_error(-1)
+			return None
-				userid = await add_user(sor, u)
+		manis = build_manisdata(r.myid, r.apikey, r.secretkey)
-				if userid is None:
+		return {
-					return return_error(-3)
+			"Authorization": manis
-				apikey = await add_apikey(sor, dappid, orgid, userid, u)
+		}
-				if apikey is None:
+	return {}
-					return return_error(-4)
-				ret_users.append({
-					'id': u['id'],
-					'apikey': apikey
-				})
-		return return_success(ret_users)
-	return return_error(-9)
 

dapi/init.py

@@ -1,10 +1,7 @@
-from dapi.dapi import sync_user, bearer_auth, deerer_auth
+from daap.dapi import dearer_header, manis_header
 from ahserver.serverenv import ServerEnv
-from rbac.check_perm import register_auth_method
-
-def load_kyapikeyserver():
-	env = ServerEnv()
-	env.sync_user = sysnc_user
-	register_auth_method('Bearer', bearer_auth)
-	register_auth_method('Deerer', deerer_auth)
 
+def load_dapi():
+	env = ServerEnv
+	env.dearer_header = dearer_header
+	env.manis_header = manis_header

json/downapikey.json

@@ -1,17 +0,0 @@
-{
-    "tblname": "apikey",
-    "title":"用户",
-    "params": {
-        "sortby":"name",
-        "confidential_fields":["apikey"],
-        "logined_userorgid":"orgid",
-        "browserfields": {
-            "exclouded": ["id", "apikey", "orgid", "userid" ],
-            "alters": {}
-        },
-        "editexclouded": [
-            "id", "apikey", "orgid", "userid"
-        ]
-    }
-}
-

json/downapp.json

@@ -1,23 +0,0 @@
-{
-    "tblname": "downapp",
-    "title":"下位系统",
-    "params": {
-        "sortby":"id",
-        "confidential_fields":["secretkey"],
-        "browserfields": {
-            "exclouded": ["id", "secretkey" ],
-            "alters": {}
-        },
-        "editexclouded": [
-            
-        ],
-        "subtables": [
-            {
-                "field":"appid",
-                "title":"apikey",
-                "subtable":"downapikey"
-            }
-        ]
-    }
-}
-

json/upapikey.json

@@ -0,0 +1,3 @@
+{
+	"tblname":"upapikey"
+}

json/upapp.json

@@ -0,0 +1,3 @@
+{
+	"tblname":"upapp"
+}