增加Bot授权相关

This commit is contained in:
xxq250 2023-02-15 18:37:36 +08:00
parent f0c1e9e319
commit 1cd43de75b
10 changed files with 206 additions and 11 deletions

View File

@ -1,4 +1,6 @@
require 'oauth2'
# require 'openssl'
# require 'jwt'
class ApplicationController < ActionController::Base
include CodeExample
@ -295,17 +297,24 @@ class ApplicationController < ActionController::Base
# Find the current user
#Rails.logger.info("current_laboratory is #{current_laboratory} domain is #{request.subdomain}")
if request.headers["Authorization"].present? && request.headers["Authorization"].start_with?('Bearer')
tip_exception(401, "请登录后再操作!") unless valid_doorkeeper_token?
if @doorkeeper_token.present?
# client方法对接需要一直带着用户标识uid
if @doorkeeper_token.resource_owner_id.blank?
tip_exception(-1, "缺少用户标识!") if params[:uid].nil?
User.current = User.find(params[:uid])
else
User.current = User.find_by(id: @doorkeeper_token.resource_owner_id)
if !valid_doorkeeper_token?
header = request.authorization
pattern = /^Bearer /i
token = header.gsub(pattern, "")
User.current, message = Bot.decode_jwt_token(token)
tip_exception(401, message) if message.present?
else
if @doorkeeper_token.present?
# client方法对接需要一直带着用户标识uid
if @doorkeeper_token.resource_owner_id.blank?
tip_exception(-1, "缺少用户标识!") if params[:uid].nil?
User.current = User.find(params[:uid])
else
User.current = User.find_by(id: @doorkeeper_token.resource_owner_id)
end
end
end
else
else
User.current = find_current_user
uid_logger("user_setup: " + (User.current.logged? ? "#{User.current.try(:login)} (id=#{User.current.try(:id)})" : "anonymous"))

View File

@ -0,0 +1,46 @@
class InstallationsController < ApplicationController
include RegisterHelper
before_action :require_login
def index
@install_bots = BotInstall.where(:installer_id => current_user.id)
end
def register
@bot = Bot.find params[:id]
@bot.client_id = Doorkeeper::OAuth::Helpers::UniqueToken.generate if params[:client_id].blank?
@bot.client_secret = Doorkeeper::OAuth::Helpers::UniqueToken.generate if params[:client_secret].blank?
@bot.private_key = OpenSSL::PKey::RSA::generate(2048).to_s
@bot.owner_id = current_user.id
ActiveRecord::Base.transaction do
# 注册bot对应oauth应用
Doorkeeper::Application.create!(name: @bot.name, uid: @bot.client_id, secret: @bot.client_secret, redirect_uri: "https://gitlink.org.cn")
# 注册bot对应用户
result = autologin_register(User.generate_user_login('b'), nil, "b58333123413", 'bot', nickname: @bot.name)
tip_exception(-1, result[:message]) if result[:message].present?
@bot.uid = result[:user][:id]
@bot.save
render_ok
rescue Exception => e
tip_exception(-1, e.message)
end
end
def access_tokens
@install_bot = BotInstall.find params[:id]
@bot = @install_bot.bot
@application = Doorkeeper::Application.find_by(uid: @bot.client_id, secret: @bot.client_secret)
if @application.present?
# 给bot生成token因为bot是机器人操作
@access_token = Doorkeeper::AccessToken.create!({ :application_id => @application.id,
:resource_owner_id => @bot.uid,
:scopes => "public write",
:expires_in => "604800",
:use_refresh_token => true
})
end
render_ok(token: @access_token.token)
end
end

51
app/models/bot.rb Normal file
View File

@ -0,0 +1,51 @@
# == Schema Information
#
# Table name: bot
#
# id :integer not null, primary key
# bot_name :string(255)
# bot_des :text(4294967295)
# webhook :string(255)
# is_public :integer
# logo :string(255)
# state :integer
# client_id :string(255)
# client_secret :string(255)
# web_url :string(255)
# category :string(255)
# install_num :integer default("0")
# update_time :datetime not null
# create_time :datetime not null
# private_key :text(65535)
# uid :integer
# owner_id :integer
#
# Indexes
#
# name (bot_name) UNIQUE
#
class Bot < ApplicationRecord
self.table_name = "bot"
has_many :install_bots
def name
self.bot_name
end
def self.decode_jwt_token(token)
decoded_token = JWT.decode token, nil, false
return [nil, "Token已过期"] if Time.now.to_i - 60 - decoded_token[0]["exp"].to_i > 0
bot = Bot.find_by(id: decoded_token[0]["iss"])
return [nil, "Token不存在"] if bot.blank?
rsa_private = OpenSSL::PKey::RSA.new(bot.private_key)
rsa_public = rsa_private.public_key
JWT.decode token, rsa_public, true, { algorithm: 'RS256' }
[User.find_by(id: bot.owner_id), ""]
rescue JWT::DecodeError
Rails.logger.error "jwt token decode error:#{token}"
[nil, "无效Token"]
end
end

20
app/models/bot_install.rb Normal file
View File

@ -0,0 +1,20 @@
# == Schema Information
#
# Table name: install_bot
#
# id :integer not null, primary key
# bot_id :integer not null
# installer_id :integer not null
# store_id :integer not null
# state :integer not null
# create_time :datetime not null
# update_time :datetime not null
#
# frozen_string_literal: true
class BotInstall < ApplicationRecord
self.table_name = "install_bot"
belongs_to :bot
end

View File

@ -114,7 +114,7 @@ class User < Owner
# trustie: 来自Trustie平台
# forge: 平台本身注册的用户
# military: 军科的用户
enumerize :platform, in: [:forge, :educoder, :trustie, :military, :github, :gitee, :qq, :wechat], default: :forge, scope: :shallow
enumerize :platform, in: [:forge, :educoder, :trustie, :military, :github, :gitee, :qq, :wechat, :bot], default: :forge, scope: :shallow
belongs_to :laboratory, optional: true
has_one :user_extension, dependent: :destroy

View File

@ -0,0 +1,7 @@
json.status 0
json.message "success"
json.data do
json.array! @install_bots do |install_bot|
json.extract! install_bot.bot, :id, :name
end
end

View File

@ -18,7 +18,7 @@ Doorkeeper.configure do
User.authenticate!(params[:username], params[:password])
end
access_token_generator '::Doorkeeper::JWT'
# access_token_generator '::Doorkeeper::JWT'
admin_authenticator do
user = current_user

View File

@ -1047,6 +1047,17 @@ Rails.application.routes.draw do
resources :commit_logs, :only => [:create]
scope '/app' do
post 'register', to: 'installations#register'
resources :installations do
get :repositories, on: :collection
member do
post :access_tokens
put :suspended
end
end
end
root 'main#index'

View File

@ -0,0 +1,9 @@
class AddBotInfo < ActiveRecord::Migration[5.2]
def change
if table_exists? :bot
add_column :bot, :private_key, :text, comment: "私钥"
add_column :bot, :owner_id, :integer, comment: "所有者ID"
add_column :bot, :uid, :integer, comment: "Bot机器人用户ID"
end
end
end

42
test/jwt_test.rb Normal file
View File

@ -0,0 +1,42 @@
require 'openssl'
require 'jwt' # https://rubygems.org/gems/jwt
# Private key contents
private_pem = File.read("/Users/xxq/Documents/gitlink-webhook.2022-06-09.private-key.pem")
private_key22="-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEApOebWmRV/ooNq5Ks04YnDU7pEezGShGvaiF0cIvn9jvmYHu0\nFialojvJV3VpB6xE6QBPXZ0Pi1lokZ9dMx8F5UWNx9WA7wf7xK3hAJLNml+GeewF\nou8vk/Ry7n6diLxETNVd7YzPvztn5qaMp/DXa+65i11H8a/XXqR7kCVnCevVlufh\nNr/Dp6dW31W8TInnDQasJFMZ8GY7f+tCwLXNc0M8p+TeDp9xmXHOrEB+S/mgbUOF\nXgRr6icbMmlT9bsAxYHrrDkcVxJhs0hq5vD3BaoK06gcZEnN7/HVNzgVSOYNsVNh\n9006cMgDSOwc9F8aulP7cr8k74INq1xswoGs9wIDAQABAoIBAHayc2NkF3YJXv+h\nqx7yUEfHBgKuAKiuBCqLfCnKuqPFx/So9h5/oPeeuzVlwL0SJePlIjuK4vZ128v9\n/vLeILtADmbJ6m2jvHh8hBmKkc3Ndplp50C5k/CWoufCYZhbk3oOlvZ3Rc4rb4VZ\nWqNDu3voMMv8z91KqeZo1LwUAA/l9mU++zLkRA6qOuWGBJFsM8YpshzxL5lzRUb3\n7y+YJDyUZztfzKwr6pqm1n9B2e6e+znCw1vMZXp2TbUrpvrrXSxlgdNuK68SkZX6\nTdZUD8y0viwaioRVf3vR+e/Bf7yZannGdvcmVGs0A7dq9QgHkakqNHiRkQgwviSq\nbjBo7dECgYEAzekeP5j/dAPkv9X4qnmZ4du/+ZgrQrJckDD/JuNIBmQT9m286l4P\nmb2TBcWkswVOZaS5Qy2bN/69rwIbcdvbaROGBCabn3ATK4fSzmUk31M2rRKYZqaU\nMi0W2g2YtSRg+bV6S7aFXa98j5+JlqJeDZQoRuvL68ooq5WzFWmfYnkCgYEAzQTi\n4USqz2z66BfU+v2rchzK8URxnv7EW/CG3XFRsG+1UXCyEIct2L7rzvC7r7+jjS4s\ngmV3Civ1sckGMwikLzxFtUZ1LUBakZp/mmipIzxcHOeBsRdHei8BFvMNqveg1JpO\ncY/Fp+wEkSNLhfkb/IXRw0iwFalBRnyo4BJbLu8CgYBrQ7E6OB169jxHotNzGv2K\npssO3rJKgFev1ZZVT7jJe4Dasrfi7zT5RcQ9EYSGrZD1aiYIVM2zEcUGUfayDXHy\n/vSlXOdc2ylhV9P9KLtYiyTEbBdwAf7ZVJu+465VTqol6t/WaTJ4Z15gAx/NlK+i\nKzgAGf2Uyy78k3NDCE67IQKBgFwM0pUUEKEbLDhi4uRiWsTcep4C/gTGHIGvJ85r\nH6NZNI7BS6GyH/qOFjAO1CYfpB4yWhed2Om/PQw61sa5HYZ7yEyQuvG7UC7JsHsy\nfKZuZmkv5IIPkq8gRZv5OuzFS/fI5GmGhNdVV+OWdkVLyK4Do1/L1guTt9QfCm+4\nrioPAoGBALGr8aUAbz/A611M/bLnk04UYfV+M34/hCf6/rKiBHdQoIHOriSC9Nv7\nyhE5axTdmIWMxfbyb3vHJ5MizZkD/Qj0VDuMkyS2+3TepI6tySQE3YQeWnCMJI9i\nuoCZ31GBui4+W5udbx8NOVsJfXUQn/OAoOn6WuMNPdgB45KXcktj\n-----END RSA PRIVATE KEY-----\n"
private_key33= "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAq/wUH8N+5fzj3hArKY7ChC591R/uKyeNM/BbsR2OGxO5F1CE\nozy6thtPult96Gm9oK3sMpLdYCze2YgozgteFO1Ft0o1GEJ1A4SinOKzeixLpFy0\n5N9t+iz7Xa7jC/1E3uy/s2WvSYCS9NnK2Uj3DQOH8BUWfkvyTtt91a2pplbPCV3T\nw1PykAcDWIFXVJJCMtYd2x+DukSWKHRsYbBCMtVZhEVuKmTE3FBTDVu9sN3b7uLL\n5RzHUg13QZZr9OvMNR3nUZl6yDxw+wD4anDrtpL9C+tFjhMyqsyYpYWwcJm65YiD\ny7Ps24IdcLB4iOxJE91fu+MnicvyBrtEjoBP/wIDAQABAoIBAAcKc9x1CW3q8300\n1j+GS6pTqO0fuIVlwh8dOPPATQAIx6wPrM5t/wrThWkQs8/e/Fdmp2POpWd5jsoD\nDACbcIeUyyTc0d2jYtz5AhtAIK7gv1wEO5efGgaC7ut/7GWiQb6KnLKAeDOfIuUJ\nQYexuAN9YIRQqLIU89+MltM3n9liZTMuPWRFJcitaDytXa10TCe5RUqHGZf49pi7\njCgk0x7jDYqbIzsqOu741P8My/gkAjKPkRnjaj3o6MrwHzIlc4t/6mKbaPnywywk\n6roYMqmytgueA9wxFcj74ekBQAaXsu4xRkbZXxjcBtIvTId5IHHK5Z/r3fgE9K3J\nOuzzJ1kCgYEA3uu/pUjJbKegOsgSdu3cO/NvRV2YsRD4NUgtiMCEakE4VQXRK5pf\nV8xqQeH/rLjZf5aP5xe8n25krh/c+m0ezOMyu5MmhoxaWCPWIezsaKJXOcvsOxIu\n2sJ9GRMXabyuDuSdL7ZGYMpLhRclXYLyPCz7wzN445IluTHuD3lJ2qUCgYEAxYFh\ncVD73yNZn9BN1DSGWpfPtLqOKIdG+xi/ypCSGpJG0QCJRFi7R1qJOxFtJNI8DRiD\nZapPEGLVd/KY5NzBGZBfNQt4DQH9qR4l43c6NNkisWA9rvXvCDqXKmBq7wfpnkYr\n4Ul2hXYmsPJjP8e0BfG54PaSu3BDBMJMtcgDktMCgYBvzyDdnwdgVyc3tHgGbMFk\n1HHAAfT/ArrrxpsIFz+TJ8lAY92JGDGwENhO2TLrCAAXTYY5657w/GbFKzgj5y1m\nqKIekOzm2WjLApZ5h6L/zEUhuRVwf2s+0AP82qWIpFlNIP9yGeNs0qpUQ8q6/13O\nLuXL/3on8nq3S8LSwgv3/QKBgDfM+g7d5ouAnU29uH9/54Wo5pIVMxzYO4Gt2GIO\nvnirYz6hfCbHOwJJ3gPGRKPmkfjROC59E6F5iv48mF3w0M28MGn4N47VRSmGzwWZ\nJeTQhDDBFCxeZ45Xn2Xln9Cw15xUDwmzi7zhSMUtdkUK0x3q0a1xfLtgWE775lhl\njjzpAoGAdUXFW1elfjXpfIYZf7vUV7MPquKL7qAcopd96XBszhOn7g+ibzem+wgt\n1UTSeOBESYANHeJk2MuWPSRXk/FlQETVIcPAEp0kxbwQE+7YEdrMVeDcIe5lPwGD\n+WuS3kg0MPgUrXZXn74gcwWmSIOyHfqXULqOxWE25uU2icdV+2w=\n-----END RSA PRIVATE KEY-----\n"
private_key = OpenSSL::PKey::RSA.new(private_key33)
# puts private_key.to_json
# Generate the JWT
payload = {
# issued at time, 60 seconds in the past to allow for clock drift
iat: Time.now.to_i - 60,
# JWT expiration time (10 minute maximum)
exp: Time.now.to_i + (10 * 60),
# GitHub App's identifier
iss: "782"
}
jwt = JWT.encode(payload, private_key, "RS256")
puts jwt
# puts OpenSSL::PKey::RSA.new(private_key33).public_key.to_s
#
rsa_private = OpenSSL::PKey::RSA.new(private_key33)
rsa_public = rsa_private.public_key
# decoded_token = JWT.decode jwt, nil, false
begin
decoded_token = JWT.decode jwt, rsa_private, true, { algorithm: 'RS256' }
rescue JWT::DecodeError
puts "jwt is not mmmmmm"
end
#
puts decoded_token[0]
puts decoded_token[0]["iss"]
# serialized_private_key = OpenSSL::PKey::RSA::generate(2048).to_s