From d06f6914265e59e1d0afe3ee8b36a65c60d7631a Mon Sep 17 00:00:00 2001 From: Luo Lu Date: Thu, 26 May 2022 03:28:18 +0000 Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=90=9B=20fix=20local=20arkstore=20?= =?UTF-8?q?api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/v1/views/bind_saas.py | 12 ++--- arkid/common/arkstore.py | 50 ++++++++------------ arkid/core/perm/permission_data.py | 74 ++++++++++++++---------------- 3 files changed, 59 insertions(+), 77 deletions(-) diff --git a/api/v1/views/bind_saas.py b/api/v1/views/bind_saas.py index d68e2b8e1..4bf18442e 100644 --- a/api/v1/views/bind_saas.py +++ b/api/v1/views/bind_saas.py @@ -32,11 +32,11 @@ class BindSaasSlugSchemaOut(Schema): saas_tenant_slug: Optional[str] -class BindSaasInfoSchemaOut(Schema): - company_name: str - contact_person: str +class BindSaasInfoSchema(Schema): + company_name: Optional[str] + contact_person: Optional[str] email: Optional[str] - mobile: str + mobile: Optional[str] @api.get("/tenant/{tenant_id}/bind_saas/", tags=['bind_saas'], response=BindSaasSchemaOut) @@ -69,7 +69,7 @@ def set_bind_saas_slug(request, tenant_id: str, data: BindSaasSlugSchemaOut): return bind_info -@api.get("/tenant/{tenant_id}/bind_saas/info/", tags=['bind_saas'], response=BindSaasInfoSchemaOut) +@api.get("/tenant/{tenant_id}/bind_saas/info/", tags=['bind_saas'], response=BindSaasInfoSchema) def get_bind_saas_info(request, tenant_id: str): """ 查询 saas info 绑定信息 @@ -79,7 +79,7 @@ def get_bind_saas_info(request, tenant_id: str): @api.post("/tenant/{tenant_id}/bind_saas/info/", tags=['bind_saas']) -def update_bind_saas_info(request, tenant_id: str, data: BindSaasInfoSchemaOut): +def update_bind_saas_info(request, tenant_id: str, data: BindSaasInfoSchema): """ 更新 saas info 绑定信息 """ diff --git a/arkid/common/arkstore.py b/arkid/common/arkstore.py index 2c07541a3..1899d48bc 100644 --- a/arkid/common/arkstore.py +++ b/arkid/common/arkstore.py @@ -18,7 +18,7 @@ def get_saas_token(tenant, token): 获取saas平台token """ # 缓存 saas_token - key = (tenant.id, token) + key = (str(tenant.id), token) if key in arkid_saas_token_cache: return arkid_saas_token_cache[key] app = Application.objects.filter(name='arkid_saas').first() @@ -45,25 +45,33 @@ def get_saas_token(tenant, token): return arkid_saas_token_cache[key] -arkstore_access_token_cache = {} - def get_arkstore_access_token(tenant, token): """ 获取插件商店access_token """ - # 缓存 idtoken - key = (tenant.id, token) - if key in arkstore_access_token_cache: - return arkstore_access_token_cache[key] saas_token, saas_tenant_id, saas_tenant_slug = get_saas_token(tenant, token) - params = {'state': 'client', 'tenant_slug': saas_tenant_slug, 'tenant_uuid': saas_tenant_id,'token': saas_token} + get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, saas_token) + + +arkstore_access_token_saas_cache = {} + +def get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, token): + """ + 获取插件商店access_token + """ + # 缓存 idtoken + key = (str(saas_tenant_id), token) + if key in arkstore_access_token_saas_cache: + return arkstore_access_token_saas_cache[key] + params = {'state': 'client', 'tenant_slug': saas_tenant_slug, 'tenant_uuid': str(saas_tenant_id), 'token': token} app_login_url = settings.ARKSTOER_URL + '/api/v1/login' resp = requests.get(app_login_url, params=params) if resp.status_code != 200: + arkstore_access_token_saas_cache.pop(key, None) raise Exception(f'Error get_arkstore_access_token: {resp.status_code}') resp = resp.json() - arkstore_access_token_cache[key] = resp['access_token'] - return arkstore_access_token_cache[key] + arkstore_access_token_saas_cache[key] = resp['access_token'] + return arkstore_access_token_saas_cache[key] def get_arkstore_extensions(access_token, purchased=None, type=None, offset=0, limit=10): @@ -311,28 +319,8 @@ def get_arkid_saas_app_detail(tenant, token, extension_id): return resp -arkstore_access_token_saas_cache = {} - -def get_arkstore_access_token_with_saas_token(tenant, token): - """ - 获取插件商店access_token - """ - # 缓存 idtoken - key = (tenant.id, token) - if key in arkstore_access_token_saas_cache: - return arkstore_access_token_saas_cache[key] - params = {'state': 'client', 'tenant_slug': tenant.slug, 'tenant_uuid': tenant.id.hex, 'token': token} - app_login_url = settings.ARKSTOER_URL + '/api/v1/login' - resp = requests.get(app_login_url, params=params) - if resp.status_code != 200: - raise Exception(f'Error get_arkstore_access_token: {resp.status_code}') - resp = resp.json() - arkstore_access_token_saas_cache[key] = resp['access_token'] - return arkstore_access_token_saas_cache[key] - - def check_arkstore_purchased(tenant, token, app): - access_token = get_arkstore_access_token_with_saas_token(tenant, token) + access_token = get_arkstore_access_token_with_saas_token(tenant.slug, tenant.id, token) order_url = settings.ARKSTOER_URL + f'/api/v1/arkstore/apps/saas_app_order/{app.id.hex}' headers = {'Authorization': f'Token {access_token}'} params = {} diff --git a/arkid/core/perm/permission_data.py b/arkid/core/perm/permission_data.py index 133144ce1..c16d0429f 100644 --- a/arkid/core/perm/permission_data.py +++ b/arkid/core/perm/permission_data.py @@ -1122,53 +1122,47 @@ def check_app_entry_permission(self, request, type, kwargs): 检查应用入口权限 ''' token = request.GET.get('token', '') - tenant_id = None - if 'tenant_id' in kwargs: - tenant_id = kwargs.get('tenant_id') - else: - path = request.path - id_re = r"[0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12}" - res = re.search(id_re, path) - if res: - tenant_id = res.group(0) - if tenant_id: - client_id = request.GET.get('client_id', '') - apps = App.valid_objects.filter( + tenant = request.tenant + if not tenant: + return False + tenant_id = tenant.id.hex + + client_id = request.GET.get('client_id', '') + apps = App.valid_objects.filter( + tenant_id=tenant_id, + type__in=type + ) + app = None + if client_id: + # oauth有这个参数 + for app_temp in apps: + config_data = app_temp.config.config + data_client = config_data.get('client_id', '') + if data_client == client_id: + app = app_temp + break + if app is None: + apps = apps.order_by('-created') + app = apps.first() + if app: + permission = Permission.valid_objects.filter( + app=app, tenant_id=tenant_id, - type__in=type - ) - app = None - if client_id: - # oauth有这个参数 - for app_temp in apps: - config_data = app_temp.config.config - data_client = config_data.get('client_id', '') - if data_client == client_id: - app = app_temp - break - if app is None: - apps = apps.order_by('-created') - app = apps.first() - if app: - permission = Permission.valid_objects.filter( - app=app, - tenant_id=tenant_id, - category='entry', - is_system=True, - ).first() - if permission: - user = self.token_check(tenant_id, token, request) - result = self.permission_check_by_sortid(permission, user, app, tenant_id) - if result: - return True - else: - return False + category='entry', + is_system=True, + ).first() + if permission: + user = self.token_check(tenant_id, token, request) + result = self.permission_check_by_sortid(permission, user, app, tenant_id) + if result: + return True else: return False else: return False else: return False + def permission_check_by_sortid(self, permission, user, app, tenant_id): '''