aaa

package

v1.1.1 Latest Latest Go to latest Published: Jul 8, 2019 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Repository URL not available.

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var Index = &ctx.Context{Name: "aaa", Help: "认证中心",
	Caches: map[string]*ctx.Cache{
		"nuser": &ctx.Cache{Name: "nuser", Value: "0", Help: "用户数量"},
	},
	Configs: map[string]*ctx.Config{
		"hash":        &ctx.Config{Name: "hash", Value: map[string]interface{}{}, Help: "散列"},
		"auth":        &ctx.Config{Name: "auth", Value: map[string]interface{}{}, Help: "散列"},
		"auth_expire": &ctx.Config{Name: "auth_expire", Value: "10m", Help: "权限超时"},
		"auth_type": &ctx.Config{Name: "auth_type", Value: map[string]interface{}{
			"unique":  map[string]interface{}{"session": true, "bench": true, "relay": true},
			"public":  map[string]interface{}{"userrole": true, "username": true, "cert": true, "access": true},
			"single":  map[string]interface{}{"password": true, "token": true, "uuid": true, "ppid": true},
			"secrete": map[string]interface{}{"password": true, "token": true, "uuid": true, "ppid": true},
		}, Help: "散列"},

		"expire": &ctx.Config{Name: "expire(s)", Value: "72000", Help: "会话超时"},
		"email": &ctx.Config{Name: "email", Value: map[string]interface{}{
			"self": "shylinux@163.com",
			"smtp": "smtp.163.com",
			"port": "25",
		}, Help: "会话超时"},
	},
	Commands: map[string]*ctx.Command{
		"_init": &ctx.Command{Name: "_init", Help: "数字摘要", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			m.Conf("runtime", "node.cert", m.Cmdx("nfs.load", os.Getenv("node_cert")))
			m.Conf("runtime", "node.key", m.Cmdx("nfs.load", os.Getenv("node_key")))
			return
		}},
		"hash": &ctx.Command{Name: "hash [meta...]", Help: "数字摘要", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if len(arg) == 0 {
				m.Cmdy("ctx.config", "hash")
				return
			}

			hs, meta := kit.Hash(arg)
			m.Log("info", "%s: %v", hs, meta)
			m.Confv("hash", hs, meta)
			m.Echo(hs)
			return
		}},
		"auth": &ctx.Command{Name: "auth [id] [delete data|ship|node] [[ship] type [meta]] [[data] key [val]] [[node] key [val]]",
			Help: "权限区块链", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
				if len(arg) == 0 {
					m.Confm("auth", func(key string, node map[string]interface{}) {
						up := false
						if ship, ok := node["ship"].(map[string]interface{}); ok {
							for k, v := range ship {
								val := v.(map[string]interface{})
								switch val["ship"].(string) {
								case "0":
									if !up {
										up = true
										m.Add("append", "up_key", k[:6])
										m.Add("append", "up_type", val["type"])

									}
								}
							}
						}
						if !up {
							m.Add("append", "up_key", "")
							m.Add("append", "up_type", "")

						}
						m.Add("append", "key", key)
						m.Add("append", "type", node["type"])
						m.Add("append", "meta", node["meta"])
					})
					m.Sort("type").Table()
					return
				}

				s, t, a := "", "", ""
				if v := m.Confm("auth", arg[0]); v != nil {
					s, t, a, arg = arg[0], kit.Format(v["type"]), kit.Format(v["meta"]), arg[1:]
				}
				if len(arg) == 0 {
					m.Echo(t)
					return
				}

				p, route, block, chain := s, "ship", []map[string]string{}, []map[string]string{}
				for i := 0; i < len(arg); i += 2 {
					if node := m.Confm("auth", arg[i]); node != nil {
						if i++; p != "" {
							expire := kit.Int(m.Time(m.Conf("auth_expire"), "stamp"))
							m.Confv("auth", []string{arg[i-1], "ship", p}, map[string]interface{}{
								"create_time": m.Time(), "expire_time": expire,
								"type": t, "meta": a, "ship": "5",
							})
							m.Confv("auth", []string{p, "ship", arg[i-1]}, map[string]interface{}{
								"create_time": m.Time(), "expire_time": expire,
								"type": node["type"], "meta": node["meta"], "ship": "4",
							})
						}
						p, t, a = arg[i-1], node["type"].(string), node["meta"].(string)
					}

					if i < len(arg) {
						switch arg[i] {
						case "data", "node", "ship":
							route, i = arg[i], i+1
						}
					}
					if p == "" && route != "ship" {
						return
					}

					switch route {
					case "ship":
						if i >= len(arg)-1 {
							if p == "" {
								m.Confm("auth", func(k string, node map[string]interface{}) {
									if i > len(arg)-1 || node["type"].(string) == arg[i] || strings.HasSuffix(k, arg[i]) || strings.HasPrefix(k, arg[i]) {
										m.Add("append", "create_time", node["create_time"])
										m.Add("append", "key", k)
										m.Add("append", "type", node["type"])
										m.Add("append", "meta", node["meta"])
									}
								})
							} else {
								if i == len(arg)-1 {
									m.Confm("auth", []string{arg[i]}, func(node map[string]interface{}) {
										m.Confv("auth", []string{p, "ship", arg[i]}, node)
									})
								}

								m.Confm("auth", []string{p, "ship"}, func(k string, ship map[string]interface{}) {
									if node := m.Confm("auth", k); i > len(arg)-1 || ship["type"].(string) == arg[i] || strings.HasSuffix(k, arg[i]) || strings.HasPrefix(k, arg[i]) {
										m.Add("append", "create_time", node["create_time"])
										m.Add("append", "key", k)
										m.Add("append", "ship", ship["ship"])
										m.Add("append", "type", node["type"])
										m.Add("append", "meta", node["meta"])
									}
								})
							}
							m.Sort("create_time", "time_r").Set("result").Table()
							return
						}

						if arg[i] == "delete" {
							m.Confm("auth", []string{p, "ship"}, func(ship map[string]interface{}) {
								for _, k := range arg[i+1:] {
									m.Confm("auth", []string{k, "ship"}, func(peer map[string]interface{}) {
										m.Log("info", "delete peer %s %s %s", k, s, kit.Formats(peer[s]))
										delete(peer, s)
									})
									m.Log("info", "delete ship %s %s %s", s, k, kit.Formats(ship[k]))
									delete(ship, k)
								}
							})
							return
						}

						if arg[i] == "check" {
							has := "false"
							m.Confm("auth", []string{p, "ship"}, func(k string, ship map[string]interface{}) {
								if i == len(arg)-2 && (ship["meta"] != arg[i+1] && k != arg[i+1]) {
									return
								}
								if i == len(arg)-3 && (ship["type"] != arg[i+1] || ship["meta"] != arg[i+2]) {
									return
								}

								if ship["expire_time"] == nil || int64(kit.Int(ship["expire_time"])) > time.Now().Unix() {
									has = k
								}
							})
							m.Set("result").Echo(has)
							return
						}

						meta := []string{arg[i]}

						if m.Confs("auth_type", []string{"secrete", arg[i]}) {
							meta = append(meta, Password(arg[i+1]))
						} else {
							meta = append(meta, arg[i+1])
						}

						if !m.Confs("auth_type", []string{"public", arg[i]}) {
							if m.Confs("auth_type", []string{"unique", arg[i]}) {
								meta = append(meta, "uniq")
							} else {
								meta = append(meta, p)
							}
						}

						h, _ := kit.Hash(meta)
						if !m.Confs("auth", h) {
							m.Set("result")
							if m.Confs("auth_type", []string{"single", arg[i]}) && m.Confs("auth", p) && m.Cmds("aaa.auth", p, arg[i]) {
								m.Log("fuck", "password %s", h)
								return
							}

							block = append(block, map[string]string{"hash": h, "type": arg[i], "meta": meta[1]})
							m.Echo(h)
						}

						if s != "" {
							chain = append(chain, map[string]string{"node": s, "ship": "3", "hash": h, "type": arg[i], "meta": meta[1]})
							chain = append(chain, map[string]string{"node": h, "ship": "2", "hash": s, "type": arg[i], "meta": meta[1]})
						}
						if p != "" {
							chain = append(chain, map[string]string{"node": p, "ship": "1", "hash": h, "type": arg[i], "meta": meta[1]})
							chain = append(chain, map[string]string{"node": h, "ship": "0", "hash": p, "type": t, "meta": a})
						}

						p, t, a = h, arg[i], meta[1]
						m.Echo(h)
					case "node":
						if i > len(arg)-1 {
							m.Set("result")
							m.Cmdy("aaa.config", "auth", p)
							return
						} else if arg[i] == "delete" {
							m.Confm("auth", []string{p, "ship"}, func(ship map[string]interface{}) {
								for k, _ := range ship {
									m.Confm("auth", []string{k, "ship"}, func(peer map[string]interface{}) {
										m.Log("info", "delete peer %s %s %s", k, s, kit.Formats(peer[s]))
										delete(peer, s)
									})
									m.Log("info", "delete ship %s %s %s", s, k, kit.Formats(ship[k]))
									delete(ship, k)
								}
								m.Log("info", "delete node %s %s", s, kit.Formats(m.Confm("auth", s)))
								delete(m.Confm("auth"), s)
							})
						} else if i < len(arg)-1 {
							m.Confv("auth", []string{p, arg[i]}, arg[i+1])
						} else {
							ps := []string{p}
							for j := 0; j < len(ps); j++ {
								if value := m.Confv("auth", []string{ps[j], arg[i]}); value != nil {
									m.Put("option", "data", value).Cmdy("ctx.trans", "data")
									break
								}
								m.Confm("auth", []string{ps[j], "ship"}, func(key string, ship map[string]interface{}) {
									if ship["ship"] != "0" {
										ps = append(ps, key)
									}
								})
							}
						}
						return
					case "data":
						if i > len(arg)-1 {
							m.Set("result").Cmdy("ctx.config", "auth", strings.Join([]string{p, "data"}, "."))
							return
						} else if i == len(arg)-1 {
							m.Set("result").Cmdy("ctx.config", "auth", strings.Join([]string{p, "data", arg[i]}, "."))
							return
						} else if arg[i] == "delete" {
							m.Confm("auth", []string{s, "data"}, func(data map[string]interface{}) {
								for _, k := range arg[i+1:] {
									m.Log("info", "delete data %s %s %s", s, k, kit.Formats(data[k]))
									delete(data, k)
								}
							})
						} else if i < len(arg)-1 {
							m.Set("result")
							if arg[i] == "option" {
								m.Confv("auth", []string{p, "data", arg[i+1]}, m.Optionv(arg[i+1]))
							} else {
								m.Confv("auth", []string{p, "data", arg[i]}, arg[i+1])
							}
							m.Echo(arg[i+1])
						} else {
							ps := []string{p}
							for j := 0; j < len(ps); j++ {
								if value := m.Confv("auth", []string{ps[j], "data", arg[i]}); value != nil {
									m.Set("append").Set("result").Put("option", "data", value).Cmdy("ctx.trans", "data")
									break
								}
								m.Confm("auth", []string{ps[j], "ship"}, func(key string, ship map[string]interface{}) {
									if ship["ship"] != "0" {
										ps = append(ps, key)
									}
								})
							}
						}
						break
					}
				}

				m.Log("debug", "block: %v chain: %v", len(block), len(chain))
				for _, b := range block {
					m.Confv("auth", b["hash"], map[string]interface{}{"create_time": m.Time(), "type": b["type"], "meta": b["meta"]})
				}
				for _, c := range chain {
					m.Confv("auth", []interface{}{c["node"], "ship", c["hash"]}, map[string]interface{}{"ship": c["ship"], "type": c["type"], "meta": c["meta"]})
				}
				return
			}},

		"role": &ctx.Command{Name: "role [name [componet [name [command [name]]]]|[user [name [password|uuid code]]]]",
			Help: "用户角色, componet: 组件管理, user: 用户管理", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
				if len(arg) == 0 {
					m.Cmdy("aaa.auth", "ship", "userrole")
					return
				}

				role, arg := arg[0], arg[1:]
				switch arg[0] {
				case "componet", "command":
					componets, commands := []string{}, []string{}
					for i := 0; i < len(arg); i++ {
						if arg[i] == "command" {
							for i = i + 1; i < len(arg); i++ {
								if arg[i] == "componet" {
									break
								}
								commands = append(commands, arg[i])
							}
							continue
						}
						if arg[i] == "componet" {
							continue
						}
						componets = append(componets, arg[i])
					}
					m.Log("info", "componet: %v, command: %v", componets, commands)

					if len(componets) == 0 {
						m.Cmdy("aaa.auth", "ship", "userrole", role, "componet")
						return
					}
					for i := 0; i < len(componets); i++ {
						if len(commands) == 0 {
							m.Cmdy("aaa.auth", "ship", "userrole", role, "componet", componets[i], "command")
							continue
						}
						for j := 0; j < len(commands); j++ {
							m.Cmd("aaa.auth", "ship", "userrole", role, "componet", componets[i], "command", commands[j])
						}
					}

				case "user":
					if len(arg) == 1 {
						m.Cmdy("aaa.auth", "ship", "userrole", role, "username")
						break
					}
					for i := 1; i < len(arg); i++ {
						if m.Cmd("aaa.auth", "ship", "username", arg[i], "userrole", role); i < len(arg)-2 {
							switch arg[i+1] {
							case "password", "uuid", "cert":
								m.Cmd("aaa.auth", "ship", "username", arg[i], arg[i+1], arg[i+2])
								i += 2
							}
						}
					}
				}
				return
			}},
		"user": &ctx.Command{Name: "user cookie [role]|[login [password|uuid [code]]]|[service [name [value]]]|[session [select|create]]",
			Help: "用户认证, cookie: cookie管理, session: 会话管理", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
				if len(arg) == 0 {
					m.Cmdy("aaa.auth", "ship", "username")
					return
				}

				switch arg[0] {
				case "role":
					m.Cmdy("aaa.auth", "ship", "username", m.Option("username"), "userrole")

				case "login":
					m.Cmdy("aaa.auth", "username", m.Option("username"), arg[1], arg[2])

				case "cookie":
					if len(arg) > 3 {
						m.Cmdy("aaa.auth", "username", m.Option("username"), "data", strings.Join(arg[:3], "."), arg[3])
						arg = arg[:3]
					}

					m.Cmdy("aaa.auth", "username", m.Option("username"), "data", strings.Join(arg, "."))
				case "session":
					if len(arg) == 1 {
						m.Cmdy("aaa.auth", "ship", "username", m.Option("username"), "session")
						return
					}

					switch arg[1] {
					case "select":
						defer func() { m.Log("info", "sessid: %s", m.Result(0)) }()

						if m.Options("sessid") && m.Cmds("aaa.auth", "ship", "username", m.Option("username"), "check", m.Option("sessid")) {
							m.Echo(m.Option("sessid"))
							return
						}
						if m.Cmdy("aaa.auth", "ship", "username", m.Option("username"), "session"); m.Appends("key") {
							m.Set("result").Echo(m.Append("key"))
							return
						}
						fallthrough
					case "create":
						m.Cmdy("aaa.auth", "ship", "username", m.Option("username"), "session", kit.Select("web", arg, 2))
						m.Cmd("aaa.auth", m.Result(0), "data", "current.ctx", "mdb")
					}
				default:
					m.Option("format", "object")
					m.Cmdy("aaa.auth", "username", arg[0], "data")
				}
				return
			}},
		"sess": &ctx.Command{Name: "sess [sessid] [current [pod|ctx|dir|env [value]]]|[bench [select|create]]",
			Help: "会话管理, current: 指针管理, bench: 空间管理", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
				if len(arg) == 0 {
					m.Cmdy("aaa.auth", "ship", "session")
					return
				}

				sid := m.Option("sessid")
				if m.Conf("auth", []string{arg[0], "type"}) == "session" {
					sid, arg = arg[0], arg[1:]
				}
				if len(arg) == 0 {
					m.Echo(sid)
					return
				}

				switch arg[0] {
				case "access":
					h := m.Cmdx("aaa.auth", "access", kit.Hashs(m.Option("remote_ip"), m.Option("username")))
					m.Cmd("aaa.auth", h, "data", "remote_ip", m.Option("remote_ip"), "username", m.Option("username"))
					m.Echo(h)
					return

				case "user":
					m.Cmdy("aaa.auth", sid, "ship", "username")

				case "current":
					if len(arg) > 2 {
						m.Cmd("aaa.auth", sid, "data", strings.Join(arg[:2], "."), arg[2])
						arg = arg[:2]
					}

					m.Cmdy("aaa.auth", sid, "data", strings.Join(arg, "."))

				case "bench":
					if len(arg) == 1 {
						m.Cmdy("aaa.auth", m.Option("sessid"), "ship", "bench")
						return
					}

					switch arg[1] {
					case "select":
						defer func() { m.Log("info", "bench: %s", m.Result(0)) }()

						if m.Options("bench") && m.Cmds("aaa.auth", m.Option("sessid"), "ship", "check", m.Option("bench")) {
							m.Echo(m.Option("bench"))
							return
						}
						if m.Cmdy("aaa.auth", m.Option("sessid"), "ship", "bench"); m.Appends("key") {
							m.Set("result").Echo(m.Append("key"))
							return
						}
						fallthrough
					case "create":
						m.Cmdy("aaa.auth", m.Option("sessid"), "ship", "bench", kit.Select("web", arg, 2))
						m.Cmd("aaa.auth", m.Result(0), "data", "name", "web")
					}
				}
				return
			}},
		"work": &ctx.Command{Name: "work [benchid] [sesion]|[delete]|[rename name]|[share public|protect|private][data arg...]|[right [componet [command [argument]]]]",
			Help: []string{"工作空间",
				"session: 查看会话",
				"delete: 删除空间",
				"rename [name]: 命名空间",
				"share [public|protect|private]: 共享空间",
				"data arg...: 读写数据",
				"right [componet [command [arguments]]]: 权限检查",
			}, Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
				if len(arg) == 0 {
					m.Cmdy("aaa.auth", "ship", "bench")
					return
				}

				bid := m.Option("bench")
				if m.Conf("auth", []string{arg[0], "type"}) == "bench" {
					bid, arg = arg[0], arg[1:]
				}
				if len(arg) == 0 {
					m.Echo(bid)
					return
				}

				switch arg[0] {
				case "session":
					m.Cmdy("aaa.auth", bid, "ship", "session")

				case "delete":
					m.Cmdy("aaa.auth", bid, "delete", "node")

				case "rename":
					if len(arg) > 1 {
						m.Cmd("aaa.auth", bid, "data", "name", arg[1])
					}
					m.Cmdy("aaa.auth", bid, "data", "name")

				case "share":
					if len(arg) > 1 {
						m.Cmdy("aaa.auth", bid, "data", "share", arg[1])
					}
					m.Cmdy("aaa.auth", bid, "data", "share")

				case "data":
					m.Cmdy("aaa.auth", bid, arg)

				case "right":
					if len(arg) == 1 {
						m.Cmd("aaa.auth", m.Option("bench"), "ship", "componet").CopyTo(m, "append")
						m.Cmd("aaa.auth", m.Option("bench"), "ship", "command").CopyTo(m, "append")
						m.Table()
						break
					}

					for _, role := range kit.Trans(m.Option("userrole"), m.Cmd("aaa.auth", "ship", "username", m.Option("username"), "userrole").Appendv("meta")) {
						if role == "" {
							continue
						}
						if role == "root" {

						} else if len(arg) > 2 {
							if m.Cmds("aaa.auth", m.Option("bench"), "ship", "check", arg[2]) {

							} else if cid := m.Cmdx("aaa.auth", "ship", "userrole", role, "componet", arg[1], "check", arg[2]); kit.Right(cid) {
								m.Cmd("aaa.auth", m.Option("bench"), cid)
							} else {
								continue
							}
						} else if len(arg) > 1 {
							if m.Cmds("aaa.auth", m.Option("bench"), "ship", "check", arg[1]) {

							} else if cid := m.Cmdx("aaa.auth", "ship", "userrole", role, "check", arg[1]); kit.Right(cid) {
								m.Cmd("aaa.auth", m.Option("bench"), cid)
							} else {
								continue
							}
						}

						m.Log("info", "role: %s %v", role, arg[1:])
						m.Echo(role)
						break
					}

					m.Log("right", "bench: %s sessid: %s user: %s com: %v result: %v",
						m.Option("bench"), m.Option("sessid"), m.Option("username"), arg[2:], m.Result(0))
				}
				return
			}},

		"clip": &ctx.Command{Name: "clip", Help: "授权", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			h := m.Cmdx("aaa.auth", "username", m.Option("username"))

			if len(arg) == 0 {
				m.Cmdy("aaa.config", "auth", h+".data.clip")
				return
			}

			switch arg[0] {
			case "clear":
				m.Conf("auth", []string{h, "data", "clip"}, []interface{}{})
			default:
				m.Conf("auth", []string{h, "data", "clip", kit.Select("-2", arg, 1)}, arg[0])
				m.Echo("%d", len(m.Confv("auth", []string{h, "data", "clip"}).([]interface{}))-1)
			}
			return
		}},
		"location": &ctx.Command{Name: "clip", Help: "授权", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			h := m.Cmdx("aaa.auth", "username", m.Option("username"))

			if len(arg) < 2 {
				m.Confm("auth", []string{h, "data", "location"}, func(index int, value map[string]interface{}) {
					m.Add("append", "create_time", value["create_time"])
					m.Add("append", "location", value["location"])
					m.Add("append", "latitude", value["latitude"])
					m.Add("append", "longitude", value["longitude"])
				})
				m.Table()
				return
			}

			switch arg[0] {
			default:
				m.Conf("auth", []string{h, "data", "location", "-2"}, map[string]interface{}{
					"create_time": m.Time(),
					"latitude":    arg[0], "longitude": arg[1],
					"location": kit.Select("", arg, 2),
				})
				m.Echo("%d", len(m.Confv("auth", []string{h, "data", "location"}).([]interface{}))-1)
			}
			return
		}},

		"email": &ctx.Command{Name: "email", Help: "数字摘要", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			msg := gomail.NewMessage()
			msg.SetHeader("From", m.Conf("email", "self"))
			msg.SetHeader("To", arg[0])
			msg.SetHeader("Subject", arg[1])
			msg.SetBody("text/html", strings.Join(arg[2:], ""))
			d := gomail.NewDialer(m.Conf("email", "smtp"), kit.Int(m.Conf("email", "port")), m.Conf("email", "self"), m.Conf("email", "code"))
			if e := d.DialAndSend(msg); e != nil {
				m.Echo("%v", e)
			} else {
				m.Echo("success")
			}
			return
		}},

		"relay": &ctx.Command{Name: "relay check hash | share role", Help: "授权", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if len(arg) == 0 {
				m.Cmdy("aaa.auth", "relay")
				return
			}

			switch arg[0] {
			case "check":
				if relay := m.Confm("auth", []string{arg[1], "data"}); relay != nil {
					if kit.Select("", arg, 2) == "userrole" && kit.Int(relay["count"]) > 0 {
						relay["count"] = kit.Int(relay["count"]) - 1
						m.Echo("%s", relay["userrole"])
					}
					for k, v := range relay {
						m.Append(k, v)
					}
				}
			case "share":
				m.Echo(m.Cmd("aaa.auth", "relay", "right").Result(0))
				m.Conf("auth", []string{m.Result(0), "data"}, map[string]interface{}{
					"userrole": kit.Select("tech", arg, 1),
					"username": kit.Select("", arg, 2),
					"count":    kit.Select("1", arg, 3),
				})
			case "count":
				if len(arg) == 1 {
					m.Cmdy("aaa.auth", "relay")
					return
				}
				m.Conf("auth", []string{arg[1], "data", "count"}, kit.Select("1", arg, 2))
				m.Cmdy("ctx.config", "auth", arg[1])
			default:
				m.Cmdy("ctx.config", "auth", arg[0])
			}
			return
		}},
		"login": &ctx.Command{Name: "login nodesess", Help: "登录", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if len(arg) == 0 {
				m.Cmd("aaa.auth", "username", m.Option("username"), "session", "nodes").Table(func(sess map[string]string) {
					m.Cmd("aaa.auth", sess["key"], "nodes").Table(func(node map[string]string) {
						m.Add("append", "key", node["key"])
						m.Add("append", "meta", node["meta"])
					})
				})
				m.Table()
				return
			}
			m.Cmd("aaa.auth", arg[0], "username", m.Option("username"))
			return
		}},
		"share": &ctx.Command{Name: "share nodesess", Help: "共享", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if len(arg) == 0 {
				m.Cmd("aaa.auth", "username", m.Option("username"), "session", "nodes").Table(func(sess map[string]string) {
					m.Cmd("aaa.auth", sess["key"], "nodes").Table(func(node map[string]string) {
						m.Add("key", node["key"])
						m.Add("meta", node["meta"])
					})
				})
				m.Table()
				return
			}
			m.Cmd("aaa.auth", arg[0], "username", m.Option("username"))
			return
		}},

		"rsa": &ctx.Command{Name: "rsa gen|sign|verify|encrypt|decrypt|cert",
			Form: map[string]int{"common": -1},
			Help: []string{"gen: 生成密钥, sgin: 私钥签名, verify: 公钥验签, encrypt: 公钥加密, decrypt: 私钥解密",
				"密钥: rsa gen [keyfile [pubfile [certfile]]]",
				"加密: rsa encrypt pub content [enfile]",
				"解密: rsa decrypt key content [defile]",
				"签名: rsa sign key content [signfile]",
				"验签: rsa verify pub content",
			},
			Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
				if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) {
					switch arg[0] {
					case "gen":

						keys, e := rsa.GenerateKey(crand.Reader, 1024)
						m.Assert(e)

						private := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(keys)}))
						m.Echo(m.Append("private", private))

						pub, e := x509.MarshalPKIXPublicKey(&keys.PublicKey)
						m.Assert(e)

						public := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: pub}))
						m.Echo(m.Append("public", public))

						common := map[string]interface{}{}
						for i := 0; i < len(m.Meta["common"]); i += 2 {
							kit.Chain(common, m.Meta["common"][i], m.Meta["common"][i+1])
						}

						template := x509.Certificate{
							SerialNumber:          big.NewInt(1),
							IsCA:                  true,
							BasicConstraintsValid: true,
							KeyUsage:              x509.KeyUsageCertSign,
							Subject:               pkix.Name{CommonName: kit.Format(common)},
						}
						cert, e := x509.CreateCertificate(crand.Reader, &template, &template, &keys.PublicKey, keys)
						m.Assert(e)

						certificate := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert}))
						m.Echo(m.Append("certificate", certificate))

						if len(arg) > 1 {
							ioutil.WriteFile(arg[1], []byte(private), 0666)
						}
						if len(arg) > 2 {
							ioutil.WriteFile(arg[2], []byte(public), 0666)
						}
						if len(arg) > 3 {
							ioutil.WriteFile(arg[3], []byte(certificate), 0666)
						}
					case "sign":
						private, e := x509.ParsePKCS1PrivateKey(aaa.Decode(arg[1]))
						m.Assert(e)

						h := md5.Sum(Input(arg[2]))
						b, e := rsa.SignPKCS1v15(crand.Reader, private, crypto.MD5, h[:])
						m.Assert(e)

						res := base64.StdEncoding.EncodeToString(b)
						if m.Echo(res); len(arg) > 3 {
							ioutil.WriteFile(arg[3], []byte(res), 0666)
						}
					case "verify":
						public, e := x509.ParsePKIXPublicKey(aaa.Decode(arg[1]))
						if e != nil {
							cert, e := x509.ParseCertificate(aaa.Decode(arg[1]))
							m.Assert(e)
							public = cert.PublicKey
						}

						buf := make([]byte, 1024)
						n, e := base64.StdEncoding.Decode(buf, Input(arg[2]))
						m.Assert(e)
						buf = buf[:n]

						h := md5.Sum(Input(arg[3]))
						m.Echo("%t", rsa.VerifyPKCS1v15(public.(*rsa.PublicKey), crypto.MD5, h[:], buf) == nil)
					case "encrypt":
						public, e := x509.ParsePKIXPublicKey(aaa.Decode(arg[1]))
						m.Assert(e)

						b, e := rsa.EncryptPKCS1v15(crand.Reader, public.(*rsa.PublicKey), Input(arg[2]))
						m.Assert(e)

						res := base64.StdEncoding.EncodeToString(b)
						if m.Echo(res); len(arg) > 3 {
							ioutil.WriteFile(arg[3], []byte(res), 0666)
						}
					case "decrypt":
						private, e := x509.ParsePKCS1PrivateKey(aaa.Decode(arg[1]))
						m.Assert(e)

						buf := make([]byte, 1024)
						n, e := base64.StdEncoding.Decode(buf, Input(arg[2]))
						m.Assert(e)
						buf = buf[:n]

						b, e := rsa.DecryptPKCS1v15(crand.Reader, private, buf)
						m.Assert(e)

						if m.Echo(string(b)); len(arg) > 3 {
							ioutil.WriteFile(arg[3], b, 0666)
						}
					case "cert":
						private, e := x509.ParsePKCS1PrivateKey(aaa.Decode(arg[1]))
						m.Assert(e)

						cert, e := x509.ParseCertificate(aaa.Decode(arg[2]))
						m.Assert(e)

						public, e := x509.ParsePKIXPublicKey(aaa.Decode(arg[3]))
						m.Assert(e)

						template := &x509.Certificate{
							SerialNumber: big.NewInt(rand.Int63()),
							NotBefore:    time.Now(),
							NotAfter:     time.Now().AddDate(1, 0, 0),
						}
						buf, e := x509.CreateCertificate(crand.Reader, template, cert, public, private)

						certificate := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: buf}))
						if m.Echo(certificate); len(arg) > 4 {
							ioutil.WriteFile(arg[4], []byte(certificate), 0666)
						}
					case "info":
						cert, e := x509.ParseCertificate(aaa.Decode(arg[1]))
						m.Assert(e)

						var common interface{}
						json.Unmarshal([]byte(cert.Subject.CommonName), &common)
						m.Put("option", "common", common).Cmdy("ctx.trans", "common", "format", "object")
					case "grant":
						private, e := x509.ParsePKCS1PrivateKey(aaa.Decode(arg[1]))
						m.Assert(e)

						parent, e := x509.ParseCertificate(aaa.Decode(arg[2]))
						m.Assert(e)

						for _, v := range arg[3:] {
							template, e := x509.ParseCertificate(aaa.Decode(v))
							m.Assert(e)

							cert, e := x509.CreateCertificate(crand.Reader, template, parent, template.PublicKey, private)
							m.Assert(e)

							certificate := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert}))
							m.Echo(certificate)
						}
					case "check":
						parent, e := x509.ParseCertificate(aaa.Decode(arg[1]))
						m.Assert(e)

						for _, v := range arg[2:] {
							template, e := x509.ParseCertificate(aaa.Decode(v))
							m.Assert(e)

							if e = template.CheckSignatureFrom(parent); e != nil {
								m.Echo("error: ").Echo("%v", e)
							}
						}
						m.Echo("true")
					}
				}
				return
			}},
		"cert": &ctx.Command{Name: "cert [filename]", Help: "导出证书", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.certificate != nil {
				certificate := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: aaa.certificate.Raw}))
				if m.Echo(certificate); len(arg) > 0 {
					m.Assert(ioutil.WriteFile(arg[0], []byte(certificate), 0666))
				}
			}
			return
		}},
		"pub": &ctx.Command{Name: "pub [filename]", Help: "导出公钥", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.public != nil {
				pub, e := x509.MarshalPKIXPublicKey(aaa.public)
				m.Assert(e)
				public := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: pub}))
				if m.Echo(public); len(arg) > 0 {
					m.Assert(ioutil.WriteFile(arg[0], []byte(public), 0666))
				}
			}
			return
		}},
		"keys": &ctx.Command{Name: "keys [filename]", Help: "导出私钥", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.private != nil {
				private := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(aaa.private)}))
				if m.Echo(private); len(arg) > 0 {
					m.Assert(ioutil.WriteFile(arg[0], []byte(private), 0666))
				}
			}
			return
		}},
		"sign": &ctx.Command{Name: "sign content [signfile]", Help: "数字签名", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.private != nil {
				h := md5.Sum(Input(arg[0]))
				b, e := rsa.SignPKCS1v15(crand.Reader, aaa.private, crypto.MD5, h[:])
				m.Assert(e)

				res := base64.StdEncoding.EncodeToString(b)
				if m.Echo(res); len(arg) > 1 {
					m.Assert(ioutil.WriteFile(arg[1], []byte(res), 0666))
				}
			}
			return
		}},
		"verify": &ctx.Command{Name: "verify content signature", Help: "数字验签", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.public != nil {
				buf := make([]byte, 1024)
				n, e := base64.StdEncoding.Decode(buf, Input(arg[1]))
				m.Assert(e)
				buf = buf[:n]

				h := md5.Sum(Input(arg[0]))
				m.Echo("%t", rsa.VerifyPKCS1v15(aaa.public, crypto.MD5, h[:], buf) == nil)
			}
			return
		}},
		"seal": &ctx.Command{Name: "seal content [sealfile]", Help: "数字加密", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.public != nil {
				b, e := rsa.EncryptPKCS1v15(crand.Reader, aaa.public, Input(arg[0]))
				m.Assert(e)

				res := base64.StdEncoding.EncodeToString(b)
				if m.Echo(res); len(arg) > 1 {
					m.Assert(ioutil.WriteFile(arg[1], []byte(res), 0666))
				}
			}
			return
		}},
		"deal": &ctx.Command{Name: "deal content", Help: "数字解密", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.private != nil {
				buf := make([]byte, 1024)
				n, e := base64.StdEncoding.Decode(buf, Input(arg[0]))
				m.Assert(e)
				buf = buf[:n]

				b, e := rsa.DecryptPKCS1v15(crand.Reader, aaa.private, buf)
				m.Assert(e)
				m.Echo(string(b))
			}
			return
		}},

		"newcipher": &ctx.Command{Name: "newcipher salt", Help: "加密算法", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) {
				salt := md5.Sum(Input(arg[0]))
				block, e := aes.NewCipher(salt[:])
				m.Assert(e)
				aaa.encrypt = cipher.NewCBCEncrypter(block, salt[:])
				aaa.decrypt = cipher.NewCBCDecrypter(block, salt[:])
			}
			return
		}},
		"encrypt": &ctx.Command{Name: "encrypt content [enfile]", Help: "加密数据", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.encrypt != nil {
				content := Input(arg[0])

				bsize := aaa.encrypt.BlockSize()
				size := (len(content) / bsize) * bsize
				if len(content)%bsize != 0 {
					size += bsize
				}

				buf := make([]byte, size)
				for pos := 0; pos < len(content); pos += bsize {
					end := pos + bsize
					if end > len(content) {
						end = len(content)
					}

					b := make([]byte, bsize)
					copy(b, content[pos:end])

					aaa.encrypt.CryptBlocks(buf[pos:pos+bsize], b)
				}

				res := base64.StdEncoding.EncodeToString(buf)
				if m.Echo(res); len(arg) > 1 {
					m.Assert(ioutil.WriteFile(arg[1], []byte(res), 0666))
				}
			}
			return
		}},
		"decrypt": &ctx.Command{Name: "decrypt content [defile]", Help: "解密数据", Hand: func(m *ctx.Message, c *ctx.Context, key string, arg ...string) (e error) {
			if aaa, ok := m.Target().Server.(*AAA); m.Assert(ok) && aaa.decrypt != nil {
				content := Input(arg[0])

				buf := make([]byte, 1024)
				n, e := base64.StdEncoding.Decode(buf, content)
				m.Assert(e)
				buf = buf[:n]

				res := make([]byte, n)
				aaa.decrypt.CryptBlocks(res, buf)

				if m.Echo(string(res)); len(arg) > 1 {
					m.Assert(ioutil.WriteFile(arg[1], res, 0666))
				}
			}
			return
		}},
	},
}

Functions ¶

func Auto ¶ added in v1.1.1

func Auto(m *ctx.Message, arg ...string)

func Input ¶ added in v1.1.1

func Input(stream string) []byte

func Password ¶ added in v1.1.1

func Password(pwd string) string

Types ¶

type AAA ¶

type AAA struct {
	*ctx.Context
	// contains filtered or unexported fields
}

func (*AAA) Begin ¶

func (aaa *AAA) Begin(m *ctx.Message, arg ...string) ctx.Server

func (*AAA) Close ¶

func (aaa *AAA) Close(m *ctx.Message, arg ...string) bool

func (*AAA) Decode ¶ added in v1.1.0

func (aaa *AAA) Decode(stream string) []byte

func (*AAA) Spawn ¶

func (aaa *AAA) Spawn(m *ctx.Message, c *ctx.Context, arg ...string) ctx.Server

func (*AAA) Start ¶

func (aaa *AAA) Start(m *ctx.Message, arg ...string) bool

Source Files ¶

View all Source files

aaa.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL