ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2025-07-22 20:37:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor openapikey and outlink apis (#2134)

Browse Source 
* refactor: OpenAPIKey refactor

* refactor: outlink api refactor

fix: list return wrong data

* chore: remove deprecated type definition

* chore: remove throw Error. instead of Promise.reject

* fix: auth openapikey's owner

* fix: manager could read all keys
This commit is contained in:
Finley Ge
2024-07-24 11:11:36 +08:00
committed by GitHub
parent a233ab9584
commit a478621730
12 changed files with 300 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
packages/global/common/error/code/openapi.ts
View File

@@ -3,7 +3,8 @@ import { ErrType } from '../errorCode';
/* dataset: 506000 */
export enum OpenApiErrEnum {
unExist = 'openapiUnExist',
unAuth = 'openapiUnAuth'
unAuth = 'openapiUnAuth',
exceedLimit = 'openapiExceedLimit'
}
const errList = [
{
@@ -13,6 +14,10 @@ const errList = [
{
statusText: OpenApiErrEnum.unAuth,
message: '无权操作该 Api Key'
},
{
statusText: OpenApiErrEnum.exceedLimit,
message: '最多 10 组 API 密钥'
}
];
export default errList.reduce((acc, cur, index) => {

10
packages/global/support/permission/type.d.ts vendored
View File

@@ -18,16 +18,6 @@ export type PermissionListType<T = {}> = Record<
}
>;
export type AuthResponseType = {
teamId: string;
tmbId: string;
isOwner: boolean;
canWrite: boolean;
authType?: `${AuthUserTypeEnum}`;
appId?: string;
apikey?: string;
};
export type ResourcePermissionType = {
teamId: string;
tmbId: string;

45
packages/service/support/permission/auth/openapi.ts
View File

@@ -1,16 +1,12 @@
import { AuthResponseType } from '@fastgpt/global/support/permission/type';
import { AuthModeType } from '../type';
import { AuthModeType, AuthResponseType } from '../type';
import { OpenApiSchema } from '@fastgpt/global/support/openapi/type';
import { parseHeaderCert } from '../controller';
import { getTmbInfoByTmbId } from '../../user/team/controller';
import { MongoOpenApi } from '../../openapi/schema';
import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
import {
OwnerPermissionVal,
ReadPermissionVal,
WritePermissionVal
} from '@fastgpt/global/support/permission/constant';
import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
import { authAppByTmbId } from '../app/auth';
import { Permission } from '@fastgpt/global/support/permission/controller';
export async function authOpenApiKeyCrud({
id,
@@ -26,39 +22,38 @@ export async function authOpenApiKeyCrud({
const result = await parseHeaderCert(props);
const { tmbId, teamId } = result;
const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
const { openapi, isOwner, canWrite } = await (async () => {
const { openapi, permission } = await (async () => {
const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
if (!openapi) {
throw new Error(OpenApiErrEnum.unExist);
}
const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);
if (!!openapi.appId) {
// if is not global openapi, then auth app
const { app } = await authAppByTmbId({ appId: openapi.appId!, tmbId, per });
return {
permission: app.permission,
openapi
};
}
// if is global openapi, then auth openapi
const { permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
if (per === ReadPermissionVal && !canWrite) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
if (per === WritePermissionVal && !canWrite) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
if (per === OwnerPermissionVal && !isOwner) {
if (!tmbPer.checkPer(per) && tmbId !== String(openapi.tmbId)) {
return Promise.reject(OpenApiErrEnum.unAuth);
}
return {
openapi,
isOwner,
canWrite
permission: new Permission({
per
})
};
})();
return {
...result,
openapi,
isOwner,
canWrite
permission
};
}

88
projects/app/src/pages/api/core/dataset/folder/create.ts Normal file
View File

@@ -0,0 +1,88 @@
import type { ApiRequestProps, ApiResponseType } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
import { MongoDataset } from '@fastgpt/service/core/dataset/schema';
import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
import {
PerResourceTypeEnum,
WritePermissionVal
} from '@fastgpt/global/support/permission/constant';
import { authDataset } from '@fastgpt/service/support/permission/dataset/auth';
import { mongoSessionRun } from '@fastgpt/service/common/mongo/sessionRun';
import { parseParentIdInMongo } from '@fastgpt/global/common/parentFolder/utils';
import { FolderImgUrl } from '@fastgpt/global/common/file/image/constants';
import { DatasetTypeEnum } from '@fastgpt/global/core/dataset/constants';
import { DatasetDefaultPermissionVal } from '@fastgpt/global/support/permission/dataset/constant';
import { getResourceAllClbs } from '@fastgpt/service/support/permission/controller';
import { syncCollaborators } from '@fastgpt/service/support/permission/inheritPermission';
export type DatasetFolderCreateQuery = {};
export type DatasetFolderCreateBody = {
parentId?: string;
name: string;
intro: string;
};
export type DatasetFolderCreateResponse = {};
async function handler(
req: ApiRequestProps<DatasetFolderCreateBody, DatasetFolderCreateQuery>,
_res: ApiResponseType<any>
): Promise<DatasetFolderCreateResponse> {
const { parentId, name, intro } = req.body;
if (!name) {
return Promise.reject(CommonErrEnum.missingParams);
}
const { tmbId, teamId } = await authUserPer({
req,
per: WritePermissionVal,
authToken: true
});
const parentFolder = await (async () => {
if (parentId) {
return (
await authDataset({
datasetId: parentId,
per: WritePermissionVal,
req,
authToken: true
})
).dataset;
}
})();
await mongoSessionRun(async (session) => {
const app = await MongoDataset.create({
...parseParentIdInMongo(parentId),
avatar: FolderImgUrl,
name,
intro,
teamId,
tmbId,
type: DatasetTypeEnum.folder,
defaultPermission: !!parentFolder
? parentFolder.defaultPermission
: DatasetDefaultPermissionVal
});
if (parentId) {
const parentClbs = await getResourceAllClbs({
teamId,
resourceId: parentId,
resourceType: PerResourceTypeEnum.dataset,
session
});
await syncCollaborators({
resourceType: PerResourceTypeEnum.dataset,
teamId,
resourceId: app._id,
collaborators: parentClbs,
session
});
}
});
return {};
}
export default NextAPI(handler);

80
projects/app/src/pages/api/support/openapi/create.ts
View File

@@ -1,44 +1,56 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
import { customAlphabet } from 'nanoid';
import type { EditApiKeyProps } from '@/global/support/openapi/api';
import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';
import { getNanoid } from '@fastgpt/global/common/string/tools';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
import {
ManagePermissionVal,
WritePermissionVal
} from '@fastgpt/global/support/permission/constant';
import { authApp } from '@fastgpt/service/support/permission/app/auth';
import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
const { appId, name, limit } = req.body as EditApiKeyProps;
const { teamId, tmbId } = await authUserPer({ req, authToken: true, per: WritePermissionVal });
const count = await MongoOpenApi.find({ tmbId, appId }).countDocuments();
if (count >= 10) {
throw new Error('最多 10 组 API 秘钥');
async function handler(req: ApiRequestProps<EditApiKeyProps>): Promise<string> {
const { appId, name, limit } = req.body;
const { tmbId, teamId } = await (async () => {
if (!appId) {
// global apikey is being created, auth the tmb
const { teamId, tmbId } = await authUserPer({
req,
authToken: true,
per: WritePermissionVal
});
return { teamId, tmbId };
} else {
const { teamId, tmbId } = await authApp({
req,
per: ManagePermissionVal,
appId,
authToken: true
});
return { teamId, tmbId };
}
})();
const nanoid = getNanoid(Math.floor(Math.random() * 14) + 52);
const apiKey = `${global.systemEnv?.openapiPrefix || 'fastgpt'}-${nanoid}`;
const count = await MongoOpenApi.find({ tmbId, appId }).countDocuments();
await MongoOpenApi.create({
teamId,
tmbId,
apiKey,
appId,
name,
limit
});
jsonRes(res, {
data: apiKey
});
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
if (count >= 10) {
return Promise.reject(OpenApiErrEnum.exceedLimit);
}
const nanoid = getNanoid(Math.floor(Math.random() * 14) + 52);
const apiKey = `${global.systemEnv?.openapiPrefix || 'fastgpt'}-${nanoid}`;
await MongoOpenApi.create({
teamId,
tmbId,
apiKey,
appId,
name,
limit
});
return apiKey;
}
export default NextAPI(handler);

3
projects/app/src/pages/api/support/openapi/delete.ts
View File

@@ -4,6 +4,7 @@ import { connectToDatabase } from '@/service/mongo';
import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
@@ -11,7 +12,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const { id } = req.query as { id: string };
if (!id) {
throw new Error('缺少参数');
return Promise.reject(CommonErrEnum.missingParams);
}
await authOpenApiKeyCrud({ req, authToken: true, id, per: OwnerPermissionVal });

61
projects/app/src/pages/api/support/openapi/list.ts
View File

@@ -1,53 +1,42 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
import type { GetApiKeyProps } from '@/global/support/openapi/api';
import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
import { authApp } from '@fastgpt/service/support/permission/app/auth';
import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
const { appId } = req.query as GetApiKeyProps;
async function handler(req: ApiRequestProps<any, GetApiKeyProps>) {
const { appId } = req.query;
if (appId) {
await authApp({
req,
authToken: true,
appId,
per: ManagePermissionVal
});
const findResponse = await MongoOpenApi.find({
appId
}).sort({ _id: -1 });
return jsonRes(res, {
data: findResponse.map((item) => item.toObject())
});
}
const { teamId, tmbId, permission } = await authUserPer({
if (appId) {
// app-level apikey
await authApp({
req,
authToken: true,
appId,
per: ManagePermissionVal
});
const findResponse = await MongoOpenApi.find({
appId,
teamId,
...(!permission.isOwner && { tmbId })
appId
}).sort({ _id: -1 });
return jsonRes(res, {
data: findResponse.map((item) => item.toObject())
});
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
return findResponse.map((item) => item.toObject());
}
// global apikey
const { teamId, tmbId, permission } = await authUserPer({
req,
authToken: true
});
const findResponse = await MongoOpenApi.find({
appId,
teamId,
...(!permission.hasManagePer && { tmbId }) // if not manager, read own key
}).sort({ _id: -1 });
return findResponse.map((item) => item.toObject());
}
export default NextAPI(handler);

31
projects/app/src/pages/api/support/openapi/update.ts
View File

@@ -1,28 +1,19 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
import type { EditApiKeyProps } from '@/global/support/openapi/api.d';
import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
const { _id, name, limit } = req.body as EditApiKeyProps & { _id: string };
async function handler(req: ApiRequestProps<EditApiKeyProps & { _id: string }>): Promise<void> {
const { _id, name, limit } = req.body;
await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: OwnerPermissionVal });
await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: OwnerPermissionVal });
await MongoOpenApi.findByIdAndUpdate(_id, {
...(name && { name }),
...(limit && { limit })
});
jsonRes(res);
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
}
await MongoOpenApi.findByIdAndUpdate(_id, {
...(name && { name }),
...(limit && { limit })
});
}
export default NextAPI(handler);

70
projects/app/src/pages/api/support/outLink/create.ts
View File

@@ -1,47 +1,45 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
import { authApp } from '@fastgpt/service/support/permission/app/auth';
import type { OutLinkEditType } from '@fastgpt/global/support/outLink/type.d';
import { customAlphabet } from 'nanoid';
import { PublishChannelEnum } from '@fastgpt/global/support/outLink/constant';
import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';
const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz1234567890', 24);
import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
/* create a shareChat */
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
const { appId, ...props } = req.body as OutLinkEditType &
OutLinkEditType & {
appId: string;
type: PublishChannelEnum;
};
const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz1234567890', 24);
const { teamId, tmbId } = await authApp({
req,
authToken: true,
appId,
per: WritePermissionVal
});
export type OutLinkCreateQuery = {};
export type OutLinkCreateBody = OutLinkEditType &
OutLinkEditType & {
appId: string;
type: PublishChannelEnum;
};
export type OutLinkCreateResponse = string;
const shareId = nanoid();
await MongoOutLink.create({
shareId,
teamId,
tmbId,
appId,
...props
});
async function handler(
req: ApiRequestProps<OutLinkCreateBody, OutLinkCreateQuery>
): Promise<OutLinkCreateResponse> {
const { appId, ...props } = req.body;
jsonRes(res, {
data: shareId
});
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
}
const { teamId, tmbId } = await authApp({
req,
authToken: true,
appId,
per: ManagePermissionVal
});
const shareId = nanoid();
await MongoOutLink.create({
shareId,
teamId,
tmbId,
appId,
...props
});
return shareId;
}
export default NextAPI(handler);

41
projects/app/src/pages/api/support/outLink/delete.ts
View File

@@ -1,28 +1,23 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
import { authOutLinkCrud } from '@fastgpt/service/support/permission/publish/authLink';
import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
export type OutLinkDeleteQuery = {
id: string;
};
export type OutLinkDeleteBody = {};
export type OutLinkDeleteResponse = {};
/* delete a shareChat by shareChatId */
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
const { id } = req.query as {
id: string;
};
await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: ManagePermissionVal });
await MongoOutLink.findByIdAndRemove(id);
jsonRes(res);
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
}
async function handler(
req: ApiRequestProps<OutLinkDeleteBody, OutLinkDeleteQuery>
): Promise<OutLinkDeleteResponse> {
const { id } = req.query;
await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: OwnerPermissionVal });
await MongoOutLink.findByIdAndRemove(id);
return {};
}
export default NextAPI(handler);

59
projects/app/src/pages/api/support/outLink/list.ts
View File

@@ -1,39 +1,34 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
import { authApp } from '@fastgpt/service/support/permission/app/auth';
import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
import { OutLinkSchema } from '@fastgpt/global/support/outLink/type';
export type OutLinkListQuery = {
appId: string;
type: string;
};
export type OutLinkListBody = {};
export type OutLinkListResponse = OutLinkSchema[];
/* get shareChat list by appId */
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
async function handler(
req: ApiRequestProps<OutLinkListBody, OutLinkListQuery>
): Promise<OutLinkListResponse> {
const { appId, type } = req.query;
await authApp({
req,
authToken: true,
appId,
per: ManagePermissionVal
});
const { appId, type } = req.query as {
appId: string;
type: string;
};
const data = await MongoOutLink.find({
appId,
type: type
}).sort({
_id: -1
});
await authApp({
req,
authToken: true,
appId,
per: ManagePermissionVal
});
const data = await MongoOutLink.find({
appId,
type: type
}).sort({
_id: -1
});
jsonRes(res, { data });
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
}
return data;
}
export default NextAPI(handler);

49
projects/app/src/pages/api/support/outLink/update.ts
View File

@@ -1,34 +1,31 @@
import type { NextApiRequest, NextApiResponse } from 'next';
import { jsonRes } from '@fastgpt/service/common/response';
import { connectToDatabase } from '@/service/mongo';
import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
import type { OutLinkEditType } from '@fastgpt/global/support/outLink/type.d';
import { authOutLinkCrud } from '@fastgpt/service/support/permission/publish/authLink';
import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
import type { ApiRequestProps } from '@fastgpt/service/type/next';
import { NextAPI } from '@/service/middleware/entry';
import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
await connectToDatabase();
export type OutLinkUpdateQuery = {};
export type OutLinkUpdateBody = OutLinkEditType & {};
export type OutLinkUpdateResponse = {};
const { _id, name, responseDetail, limit } = req.body as OutLinkEditType & {};
async function handler(
req: ApiRequestProps<OutLinkUpdateBody, OutLinkUpdateQuery>
): Promise<OutLinkUpdateResponse> {
const { _id, name, responseDetail, limit } = req.body;
if (!_id) {
throw new Error('_id is required');
}
await authOutLinkCrud({ req, outLinkId: _id, authToken: true, per: ManagePermissionVal });
await MongoOutLink.findByIdAndUpdate(_id, {
name,
responseDetail,
limit
});
jsonRes(res);
} catch (err) {
jsonRes(res, {
code: 500,
error: err
});
if (!_id) {
return Promise.reject(CommonErrEnum.missingParams);
}
await authOutLinkCrud({ req, outLinkId: _id, authToken: true, per: OwnerPermissionVal });
await MongoOutLink.findByIdAndUpdate(_id, {
name,
responseDetail,
limit
});
return {};
}
export default NextAPI(handler);