yumoqing/rbac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
194 Commits 2 Branches 0 Tags
Commit Graph

194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yumoqing
835a2ff3f7 fix: add filler css + overflowY:auto to content container 2026-05-26 13:57:42 +08:00
yumoqing
8cec17c042 feat: add cross-process cache invalidation via Redis Pub/Sub 
- userperm.py: All invalidate_* and on_* handlers changed to async
  - Each invalidation now broadcasts via cache_sync.invalidate()
  - invalidate_user_cache() -> 'rbac:ur:{userid}'
  - invalidate_all_user_caches() -> 'rbac:ur:all'
  - invalidate_rp_cache() -> 'rbac:rp'

- init.py: Added start_cache_sync() async function
  - Starts Redis Pub/Sub subscription
  - Registers callbacks for rbac:rp and rbac:ur:all channels

- set_role_perms.py: CLI script now sends invalidation after execution
  - send_rbac_invalidation() starts cache_sync, publishes, then stops

Compatible with existing EventDispatcher (already supports async handlers)
 2026-05-26 13:52:10 +08:00
yumoqing
1b21f46336 feat: add index.ui as module entry with user management, path roles, and unauth file scan cards 2026-05-26 12:11:32 +08:00
yumoqing
f8c8a4ce4d refactor: move RBAC tools logic to rbac/rbac_tools.py, dspy files call via request._run_ns 2026-05-26 09:32:38 +08:00
yumoqing
0b456486db feat: add RBAC tools — list_path_roles, find_unauth_files, and permission registration script 2026-05-26 09:18:04 +08:00
yumoqing
c53c16d54c feat: add RBAC tools — list_path_roles and find_unauth_files 2026-05-26 09:12:33 +08:00
yumoqing
fd9ef322c7 bugfix 2026-05-22 17:21:00 +08:00
yumoqing
04552941e5 bugfix 2026-05-22 16:54:08 +08:00
yumoqing
1b720c4b89 bugfix 2026-05-22 15:58:59 +08:00
yumoqing
ce1521d46a feat: add json table definitions for all models (converted from xlsx) 2026-05-21 12:46:27 +08:00
yumoqing
0ac6c83ead bugfix 2026-05-18 16:00:42 +08:00
yumoqing
c0ea3baef1 Merge branch 'main' of git.opencomputing.cn:yumoqing/rbac 2026-05-18 15:57:36 +08:00
yumoqing
d168326f09 bugfix 2026-05-18 15:31:00 +08:00
yumoqing
3f2001378e bugfix 2026-05-18 15:25:43 +08:00
yumoqing
4f103000b9 feat: implement real-time cache invalidation via DB event binding 
- Fixed syntax errors in userperm.py __init__ (removed broken 'this' reference
  and incomplete method definition)
- Added 7 production-grade event handlers on UserPermissions:
  - on_user_create/update/delete: invalidate specific user cache
  - on_rolepermission_change: invalidate role-permission cache
  - on_permission_change: invalidate role-permission cache
  - on_role_change: invalidate ALL user + role-permission caches
  - on_userrole_change: invalidate specific user cache by userid
- Added _bind_rbac_events() in init.py with 13 event bindings covering:
  users C/U/D, rolepermission C/U/D, permission U, role C/U/D, userrole C/U/D
- All handlers have try/except error isolation to prevent one failure
  from breaking other handlers
- Events auto-dispatched by sqlor after C/U/D operations (no service restart needed)
- Cleaned up unused imports (DBPools, exception)
 2026-05-18 12:42:17 +08:00
yumoqing
d96444cf60 fix: replace getID() with uuid() in dspy context 2026-05-13 11:50:24 +08:00
yumoqing
cd82b345aa fix: use dappid+userid for downapikey query/insert, matching actual table schema 2026-05-13 11:44:34 +08:00
yumoqing
f313877f4b fix: remove non-existent kwdownapikey table, use downapikey directly for per-user apikey lookup 2026-05-13 11:22:04 +08:00
yumoqing
fe7025ac0f fix: use kwdownapikey for per-user apikey existence check to prevent same org sharing apikey 2026-05-12 20:12:19 +08:00
yumoqing
d57d165a08 fix: add openCustomerAccounts call and fix sync message in usersync 2026-05-12 18:54:15 +08:00
yumoqing
59c321d941 fix: check user existence and register user/org if missing using rbac functions 2026-05-12 18:46:02 +08:00
yumoqing
e7193933ae fix: ensure user and org are created in users table before apikey creation in usersync 2026-05-12 18:37:23 +08:00
yumoqing
2fb9098699 fix: correct indentation in batch loop, fix for-else bug causing continue syntax error 2026-05-12 18:30:56 +08:00
yumoqing
3bb57dafd7 fix: convert tabs to spaces in usersync/index.dspy to resolve TabError 2026-05-12 18:20:24 +08:00
yumoqing
f1ed6ad151 fix: verify user exists before returning existing apikey in usersync, clean stale downapikey records 2026-05-12 18:13:50 +08:00
yumoqing
09acce0637 fix: remove ServerEnv() usage in dspy script, change expires_at to expired_date 2026-05-12 18:03:32 +08:00
yumoqing
fb5a24c240 fix: add POST method to register form submit binding 2026-05-12 10:41:50 +08:00
yumoqing
15079c356b feat: 支持x-api-key header认证模式 
- getAuthenticationUserid增加x-api-key header检查
- 优先调用dapi模块注册的x_api_key_auth处理函数
 2026-05-11 15:37:23 +08:00
yumoqing
ceb26adf53 feat: 添加用户同步接口 /rbac/usersync/ 
- 新增POST接口支持单个和批量用户同步到dapi模块
- 返回每个用户的dapi apikey
- 优先调用dapi模块的create_user_apikey函数
- 添加API说明书文档
 2026-05-11 15:10:56 +08:00
yumoqing
50892fc3d2 Merge branch 'main' of git.opencomputing.cn:yumoqing/rbac 2026-05-11 10:52:45 +08:00
yumoqing
e01db70dd0 fix(userperm): support ** wildcard and /main prefix in check_roles_path 2026-04-29 23:02:31 +08:00
yumoqing
ebd678a43d bugfix 2026-04-29 16:59:07 +08:00
yumoqing
ccf66ecd23 bugfix 2026-04-26 20:27:54 +08:00
yumoqing
0d5878f2ea bugfix 2026-04-26 20:25:05 +08:00
yumoqing
a460c0b888 bugfix 2026-04-26 20:24:53 +08:00
yumoqing
fdabfc2261 bugfix 2026-04-26 20:14:56 +08:00
yumoqing
5781621331 bugfix 2026-04-26 17:05:46 +08:00
yumoqing
90e9e943b2 bugfix 2026-04-26 15:14:33 +08:00
yumoqing
7b36e2d159 bugfix 2026-04-26 15:02:32 +08:00
yumoqing
59f68c3141 bugfix 2026-04-26 15:01:05 +08:00
yumoqing
afceb713b7 bugfix 2026-04-26 12:29:35 +08:00
yumoqing
c0c9d0a489 fix: change datetime.now() to datetime.datetime.now() in up_login.dspy 
ahserver pre-loads 'import datetime' module, so datetime class must be
accessed as datetime.datetime, not directly as datetime (which was only
valid when 'from datetime import datetime' was used).
 2026-04-26 11:37:30 +08:00
yumoqing
1b5ae8aba9 fix: remove unnecessary 'from datetime import datetime' in up_login.dspy 
datetime module is pre-loaded by ahserver framework, import statements
are not needed and not supported in .dspy files.
 2026-04-26 11:32:48 +08:00
yumoqing
8aada101ca fix(rbac): remove MySQL-specific SQL for cross-database compatibility 
- Replace DATE_SUB(NOW(), INTERVAL 300 SECOND) with Python-level time check
- Replace NOW() with parameterized timestamps from Python
- Lockout check now done in _is_locked() function (DB-agnostic)
- All UPDATE statements use parameterized values, not DB functions
- Works with MySQL, PostgreSQL, SQLite, SQL Server, Oracle
 2026-04-26 11:04:15 +08:00
yumoqing
622b0558b9 fix(rbac): fix high-concurrency race conditions in login and cache 
1. Login lockout race condition:
   - Replace SELECT-then-UPDATE with atomic database operations
   - Lockout check now in SQL WHERE clause (DATE_SUB comparison)
   - Fail count increment: UPDATE ... SET count = count + 1 (atomic)
   - Applied to checkUserPassword, basic_auth, up_login.dspy, phone_login.dspy

2. Cache threading.Lock -> asyncio.Lock:
   - LRUCache now uses lazy-init asyncio.Lock
   - Prevents blocking the event loop in async environment
   - UserPermissions._rp_lock also uses asyncio.Lock
   - Double-check pattern in load_roleperms prevents duplicate DB loads

3. Use database NOW() instead of Python curDateString for concurrent updates
 2026-04-26 10:58:13 +08:00
yumoqing
3fdd4efeff feat(rbac): add login tracking, lockout, secure cache 
- Add created_at, last_login, login_fail_count, last_login_fail fields
- 3 failed logins locks account for 5 minutes
- LRU+TTL cache for UserPermissions, thread-safe
- All login methods update last_login
- Migration SQL for existing databases
 2026-04-26 10:49:01 +08:00
yumoqing
a8a5199c25 bugfix 2026-04-23 12:51:51 +08:00
yumoqing
fde83da96f chore: 添加setup.py配置文件 2026-04-16 14:36:29 +08:00
yumoqing
4876288fce chore: 添加.gitignore排除构建产物 2026-04-16 14:35:39 +08:00
yumoqing
704f7f3700 bugfix 2026-04-15 15:37:08 +08:00