26d1fd1447
feat: register_user adds the customer.admin role, assigning both customer and admin permissions at registration
2026-05-31 10:38:32 +08:00
b0d6b59613
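fix: registration form scrolls only the input area; dark-theme input box colors improved
...
- Registration tab structure: Text (fixed) + VScrollPanel (Form only) + Button (fixed)
- Dark-theme input box background #0f172a -> #1e293b, more harmonious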
2026-05-30 14:27:33 +08:00
d1b3ca0914
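fix: fix three display problems in the login popup
...
- Registration form overflowed without scrolling: the content of all three tabs is wrapped in VScrollPanel (scrollpanel)
- Form toolbar not visible: the scroll container makes the submit/reset buttons reachable
- Text not internationalized: title/label/otext all get i18n:true; archor corrected
- CSS: tabpanel flex layout, tabpanel-content flex:1+min-height:0
- PopupWindow cheight 28->30 to give more display space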
2026-05-30 14:16:00 +08:00
36569c0e41
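feat: modernize the login/registration interface
...
- login.css: all-new modern styles, supporting light/dark themes
- login.ui: three-tab layout (password login / phone login / registration); phone login supports SMS verification codes
- sms_register.dspy: SMS-verified registration backend; registers and logs in automatically once verification passes
- load_path.py: add sms_register.dspy to the any permission
- Fix the phone login setValue call (already committed in the previous round)
- Registration flow: phone number + SMS verification code + username + password; registration is allowed only after SMS verification passes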
2026-05-30 14:08:11 +08:00
019e9702fc
fix: use setValue() on codeid field widget instead of direct value assignment
2026-05-30 13:36:54 +08:00
cec79caf88
fix: phone login form.setValue is not a function - use name_inputs direct value set
2026-05-30 13:35:07 +08:00
fa9f7f5146
fix: wrap Tabular in VBox with cheight for proper scrolling
2026-05-29 22:09:56 +08:00
342fc6652a
refactor: rewrite SMS login UI using pure bricks patterns
...
- login.ui: use actiontype:urlwidget for Form submit → code_login.dspy
- Removed custom JavaScript (phone_login.js)
- Send code button: minimal script action to fetch and set form value
- Login flow: bricks returns Message/Error/VBox widgets directly
- Multi-account selection: code_login.dspy returns VBox with Buttons
2026-05-29 11:58:30 +08:00
cf186a632b
fix: revert uitype to 'hide' (bricks framework uses 'hide' not 'hidden')
2026-05-29 11:36:05 +08:00
567513789e
feat: rewrite SMS login UI with fetch-based flow matching phone_login.dspy API
...
- login.ui: SMS tab now uses fetch for gen_sms_code.dspy and phone_login.dspy
- Added _webbricks_=1 to fetch URLs (prevents HTML wrapping)
- Added 60s countdown timer on send-code button
- Added multi-account selection UI (status=choose response)
- Fixed uitype 'hide' -> 'hidden' for codeid field
- Dispatches user_logined event after successful phone login
- gen_sms_code.dspy: improved error message for SMS service config issues
- phone_login.dspy: added mark_used parameter for multi-account flow
- phone_login.js: sageSelectAccount handler for account selection
2026-05-29 11:31:39 +08:00
cfd3810a0a
fix: remove _webbricks_=1 from SMS code generation API call
...
The _webbricks_=1 parameter was causing the response to be wrapped as a widget instead of plain JSON, which prevented the frontend from correctly parsing the response and setting the codeid field.
Now the API returns plain JSON {status: 'ok', data: {key: '...'}} and the form's hidden codeid field gets properly set after successful SMS generation.
2026-05-28 18:39:25 +08:00
969a72b528
fix: SMS verification code URL - replace undefined bricks.app.baseUrl with entire_url template
...
The send verification code button was sending requests to https://token.opencomputing.cn/undefined/rbac/gen_sms_code.dspy because bricks.app.baseUrl doesn't exist in the bricks framework (it uses baseURI on widgets).
Fix: Use Jinja2 entire_url() template function like all other URLs in the file.
2026-05-28 18:24:39 +08:00
ff03efb50a
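fix: Button label update now uses set_otext() to support internationalization
...
set_text() sets innerHTML directly and skips i18n translation,
set_otext() first calls i18n._() to translate and then calls set_text,
consistent with the i18n:true configuration used when the Button is initialized.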
2026-05-28 17:00:57 +08:00
f44104b8a5
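fix: Button label update uses text_w.set_text() instead of assigning options.label
...
Root cause:
1. In the script context this is undefined, so this.options.label cannot be accessed
2. btn.options.label only changes the property and does not update the DOM; text_w.set_text() must be called
3. The Button's internal label is a bricks.Text child widget (text_w) and must be updated through its API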
2026-05-28 16:52:26 +08:00
53111aa2fd
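fix: Form.getValue() returns a FormData object; use _getValue() to get a plain object
...
Root cause: the bricks Form's getValue() internally calls get_formdata(), which returns the browser's
native FormData object, which does not support .cell_no property access.
Switched to _getValue(), which returns a plain {name:value} JS object.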
2026-05-28 16:27:56 +08:00
92627c9c96
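fix: phone verification code tab now uses VBox + a standalone Button, to avoid the toolbar tool triggering submit and causing a tab jump
...
Root cause: clicking a Form toolbar tool also triggers the Form's submit event;
after the submit's urlwidget replaces the Form, the TabPanel resets to the first tab.
Changed to a VBox wrapping the Form and a standalone Button; the Button reads the Form values via bricks.getWidgetById,
and fetch adds _webbricks_=1 to ensure plain JSON is returned.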
2026-05-28 15:03:50 +08:00
7200ee43a0
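fix: phone verification code gen_code button uses datawidget/datamethod to pass form values to the script
...
In the original script, this.getValue() could not get the form data in the toolbar tool event context,
so the datawidget/datamethod mechanism is used instead to pass the form values into the script via params.
Writing codeid back uses .bind(this) to keep the Form reference.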
2026-05-28 14:10:37 +08:00
de21b9fd38
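feat: phone verification code login integration + registration tab + user_logined event dispatch
...
- Add code_login.dspy: receives the frontend form (cell_no/codeid/check_code),
maps it to sms_engine for verification, and returns a UI widget containing auto-login binds
- Fix login.ui phone verification code tab: the gen_code button now uses a script to call
gen_sms_code.dspy and write the key back to the hidden field; submit points to code_login.dspy
- login.ui adds a registration tab: username / phone number / password / confirm password form
- register.dspy: after successful registration, automatically calls remember_user and returns a
Message widget containing binds (load userinfo, destroy the login window, dispatch user_logined)
- up_login.dspy: add the user_logined event dispatch bind
- load_path.py: code_login.dspy added to the any permission; gen_sms_code.dspy
moved from logined to any (the verification code is sent before login)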
2026-05-28 13:50:17 +08:00
54b0f3d7b6
fix: dispatch user_logined event after successful login
...
After login message is dismissed, dispatches 'user_logined' on bricks.app
so the sidebar menu reloads without requiring manual page reload.
2026-05-28 13:42:03 +08:00
9d2a94131a
feat: improve logout.dspy with refresh button
...
After logout, show success message with a button to reload the page,
which triggers the sidebar menu to re-render with unauthenticated state.
2026-05-27 17:58:15 +08:00
0ac6c83ead
bugfix
2026-05-18 16:00:42 +08:00
fb5a24c240
fix: add POST method to register form submit binding
2026-05-12 10:41:50 +08:00
c0c9d0a489
fix: change datetime.now() to datetime.datetime.now() in up_login.dspy
...
ahserver pre-loads 'import datetime' module, so datetime class must be
accessed as datetime.datetime, not directly as datetime (which was only
valid when 'from datetime import datetime' was used).
2026-04-26 11:37:30 +08:00
1b5ae8aba9
fix: remove unnecessary 'from datetime import datetime' in up_login.dspy
...
datetime module is pre-loaded by ahserver framework, import statements
are not needed and not supported in .dspy files.
2026-04-26 11:32:48 +08:00
8aada101ca
fix(rbac): remove MySQL-specific SQL for cross-database compatibility
...
- Replace DATE_SUB(NOW(), INTERVAL 300 SECOND) with Python-level time check
- Replace NOW() with parameterized timestamps from Python
- Lockout check now done in _is_locked() function (DB-agnostic)
- All UPDATE statements use parameterized values, not DB functions
- Works with MySQL, PostgreSQL, SQLite, SQL Server, Oracle
2026-04-26 11:04:15 +08:00
622b0558b9
fix(rbac): fix high-concurrency race conditions in login and cache
...
1. Login lockout race condition:
- Replace SELECT-then-UPDATE with atomic database operations
- Lockout check now in SQL WHERE clause (DATE_SUB comparison)
- Fail count increment: UPDATE ... SET count = count + 1 (atomic)
- Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy
2. Cache threading.Lock -> asyncio.Lock:
- LRUCache now uses lazy-init asyncio.Lock
- Prevents blocking the event loop in async environment
- UserPermissions._rp_lock also uses asyncio.Lock
- Double-check pattern in load_roleperms prevents duplicate DB loads
3. Use database NOW() instead of Python curDateString for concurrent updates
2026-04-26 10:58:13 +08:00
3fdd4efeff
feat(rbac): add login tracking, lockout, secure cache
...
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins locks account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
2026-04-26 10:49:01 +08:00
a8a5199c25
bugfix
2026-04-23 12:51:51 +08:00
704f7f3700
bugfix
2026-04-15 15:37:08 +08:00
188ce21b83
bugfix
2026-04-01 18:20:46 +08:00
593f60a7a0
bugfix
2026-04-01 18:19:16 +08:00
3098c3dd7e
bugfix
2026-04-01 18:05:51 +08:00
303c70e5ca
bugfix
2026-02-24 19:42:52 +08:00
4d07f61842
bugfix
2026-01-28 16:30:14 +08:00
82ca04a760
bugfix
2026-01-28 16:26:50 +08:00
yumoqing
dac9cd1b5c
bugfix
2026-01-14 10:36:40 +08:00
yumoqing
a1ed3f6620
bugfix
2026-01-14 10:32:36 +08:00
yumoqing
a7a0f49bc7
bugfix
2026-01-14 09:50:00 +08:00
yumoqing
7e34dcd666
bugfix
2026-01-14 09:42:57 +08:00
yumoqing
a300f56411
bugfix
2026-01-14 09:41:56 +08:00
yumoqing
2b3357d380
Merge branch 'main' of git.opencomputing.cn:yumoqing/rbac
2026-01-14 09:28:59 +08:00
yumoqing
f3c57839c0
bugfix
2026-01-14 09:28:53 +08:00
ab9fdce885
bugfix
2026-01-07 15:20:48 +08:00
b6ad4af8a8
bugfix
2025-12-26 10:51:53 +08:00
f734989d28
bugfix
2025-12-25 16:05:57 +08:00
66e8ffda22
bugfix
2025-12-16 13:19:36 +08:00
e5d85a696c
bugfix
2025-08-07 15:22:35 +08:00
da195760af
bugfix
2025-08-07 15:18:32 +08:00
5870ed6a9d
bugfix
2025-07-28 16:44:09 +08:00
aa03d6959e
bugfix
2025-07-28 16:42:35 +08:00