Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: 🐛 fix local arkstore api #869

Merged
merged 1 commit into from
May 26, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions api/v1/views/bind_saas.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ class BindSaasSlugSchemaOut(Schema):
saas_tenant_slug: Optional[str]


class BindSaasInfoSchemaOut(Schema):
company_name: str
contact_person: str
class BindSaasInfoSchema(Schema):
company_name: Optional[str]
contact_person: Optional[str]
email: Optional[str]
mobile: str
mobile: Optional[str]


@api.get("/tenant/{tenant_id}/bind_saas/", tags=['bind_saas'], response=BindSaasSchemaOut)
Expand Down Expand Up @@ -69,7 +69,7 @@ def set_bind_saas_slug(request, tenant_id: str, data: BindSaasSlugSchemaOut):
return bind_info


@api.get("/tenant/{tenant_id}/bind_saas/info/", tags=['bind_saas'], response=BindSaasInfoSchemaOut)
@api.get("/tenant/{tenant_id}/bind_saas/info/", tags=['bind_saas'], response=BindSaasInfoSchema)
def get_bind_saas_info(request, tenant_id: str):
"""
查询 saas info 绑定信息
Expand All @@ -79,7 +79,7 @@ def get_bind_saas_info(request, tenant_id: str):


@api.post("/tenant/{tenant_id}/bind_saas/info/", tags=['bind_saas'])
def update_bind_saas_info(request, tenant_id: str, data: BindSaasInfoSchemaOut):
def update_bind_saas_info(request, tenant_id: str, data: BindSaasInfoSchema):
"""
更新 saas info 绑定信息
"""
Expand Down
50 changes: 19 additions & 31 deletions arkid/common/arkstore.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ def get_saas_token(tenant, token):
获取saas平台token
"""
# 缓存 saas_token
key = (tenant.id, token)
key = (str(tenant.id), token)
if key in arkid_saas_token_cache:
return arkid_saas_token_cache[key]
app = Application.objects.filter(name='arkid_saas').first()
Expand All @@ -45,25 +45,33 @@ def get_saas_token(tenant, token):
return arkid_saas_token_cache[key]


arkstore_access_token_cache = {}

def get_arkstore_access_token(tenant, token):
"""
获取插件商店access_token
"""
# 缓存 idtoken
key = (tenant.id, token)
if key in arkstore_access_token_cache:
return arkstore_access_token_cache[key]
saas_token, saas_tenant_id, saas_tenant_slug = get_saas_token(tenant, token)
params = {'state': 'client', 'tenant_slug': saas_tenant_slug, 'tenant_uuid': saas_tenant_id,'token': saas_token}
get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, saas_token)


arkstore_access_token_saas_cache = {}

def get_arkstore_access_token_with_saas_token(saas_tenant_slug, saas_tenant_id, token):
"""
获取插件商店access_token
"""
# 缓存 idtoken
key = (str(saas_tenant_id), token)
if key in arkstore_access_token_saas_cache:
return arkstore_access_token_saas_cache[key]
params = {'state': 'client', 'tenant_slug': saas_tenant_slug, 'tenant_uuid': str(saas_tenant_id), 'token': token}
app_login_url = settings.ARKSTOER_URL + '/api/v1/login'
resp = requests.get(app_login_url, params=params)
if resp.status_code != 200:
arkstore_access_token_saas_cache.pop(key, None)
raise Exception(f'Error get_arkstore_access_token: {resp.status_code}')
resp = resp.json()
arkstore_access_token_cache[key] = resp['access_token']
return arkstore_access_token_cache[key]
arkstore_access_token_saas_cache[key] = resp['access_token']
return arkstore_access_token_saas_cache[key]


def get_arkstore_extensions(access_token, purchased=None, type=None, offset=0, limit=10):
Expand Down Expand Up @@ -311,28 +319,8 @@ def get_arkid_saas_app_detail(tenant, token, extension_id):
return resp


arkstore_access_token_saas_cache = {}

def get_arkstore_access_token_with_saas_token(tenant, token):
"""
获取插件商店access_token
"""
# 缓存 idtoken
key = (tenant.id, token)
if key in arkstore_access_token_saas_cache:
return arkstore_access_token_saas_cache[key]
params = {'state': 'client', 'tenant_slug': tenant.slug, 'tenant_uuid': tenant.id.hex, 'token': token}
app_login_url = settings.ARKSTOER_URL + '/api/v1/login'
resp = requests.get(app_login_url, params=params)
if resp.status_code != 200:
raise Exception(f'Error get_arkstore_access_token: {resp.status_code}')
resp = resp.json()
arkstore_access_token_saas_cache[key] = resp['access_token']
return arkstore_access_token_saas_cache[key]


def check_arkstore_purchased(tenant, token, app):
access_token = get_arkstore_access_token_with_saas_token(tenant, token)
access_token = get_arkstore_access_token_with_saas_token(tenant.slug, tenant.id, token)
order_url = settings.ARKSTOER_URL + f'/api/v1/arkstore/apps/saas_app_order/{app.id.hex}'
headers = {'Authorization': f'Token {access_token}'}
params = {}
Expand Down
74 changes: 34 additions & 40 deletions arkid/core/perm/permission_data.py
Original file line number Diff line number Diff line change
Expand Up @@ -1122,53 +1122,47 @@ def check_app_entry_permission(self, request, type, kwargs):
检查应用入口权限
'''
token = request.GET.get('token', '')
tenant_id = None
if 'tenant_id' in kwargs:
tenant_id = kwargs.get('tenant_id')
else:
path = request.path
id_re = r"[0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12}"
res = re.search(id_re, path)
if res:
tenant_id = res.group(0)
if tenant_id:
client_id = request.GET.get('client_id', '')
apps = App.valid_objects.filter(
tenant = request.tenant
if not tenant:
return False
tenant_id = tenant.id.hex

client_id = request.GET.get('client_id', '')
apps = App.valid_objects.filter(
tenant_id=tenant_id,
type__in=type
)
app = None
if client_id:
# oauth有这个参数
for app_temp in apps:
config_data = app_temp.config.config
data_client = config_data.get('client_id', '')
if data_client == client_id:
app = app_temp
break
if app is None:
apps = apps.order_by('-created')
app = apps.first()
if app:
permission = Permission.valid_objects.filter(
app=app,
tenant_id=tenant_id,
type__in=type
)
app = None
if client_id:
# oauth有这个参数
for app_temp in apps:
config_data = app_temp.config.config
data_client = config_data.get('client_id', '')
if data_client == client_id:
app = app_temp
break
if app is None:
apps = apps.order_by('-created')
app = apps.first()
if app:
permission = Permission.valid_objects.filter(
app=app,
tenant_id=tenant_id,
category='entry',
is_system=True,
).first()
if permission:
user = self.token_check(tenant_id, token, request)
result = self.permission_check_by_sortid(permission, user, app, tenant_id)
if result:
return True
else:
return False
category='entry',
is_system=True,
).first()
if permission:
user = self.token_check(tenant_id, token, request)
result = self.permission_check_by_sortid(permission, user, app, tenant_id)
if result:
return True
else:
return False
else:
return False
else:
return False


def permission_check_by_sortid(self, permission, user, app, tenant_id):
'''
Expand Down