refactor openapikey and outlink apis (#2134)

* refactor: OpenAPIKey refactor

* refactor: outlink api refactor

fix: list return wrong data

* chore: remove deprecated type definition

* chore: remove throw Error. instead of Promise.reject

* fix: auth openapikey's owner

* fix: manager could read all keys

packages/global/common/error/code/openapi.ts

@@ -3,7 +3,8 @@ import { ErrType } from '../errorCode';
 /* dataset: 506000 */
 export enum OpenApiErrEnum {
   unExist = 'openapiUnExist',
-  unAuth = 'openapiUnAuth'
+  unAuth = 'openapiUnAuth',
+  exceedLimit = 'openapiExceedLimit'
 }
 const errList = [
   {
@@ -13,6 +14,10 @@ const errList = [
   {
     statusText: OpenApiErrEnum.unAuth,
     message: '无权操作该 Api Key'
+  },
+  {
+    statusText: OpenApiErrEnum.exceedLimit,
+    message: '最多 10 组 API 密钥'
   }
 ];
 export default errList.reduce((acc, cur, index) => {

packages/global/support/permission/type.d.ts

@@ -18,16 +18,6 @@ export type PermissionListType<T = {}> = Record<
   }
 >;
 
-export type AuthResponseType = {
-  teamId: string;
-  tmbId: string;
-  isOwner: boolean;
-  canWrite: boolean;
-  authType?: `${AuthUserTypeEnum}`;
-  appId?: string;
-  apikey?: string;
-};
-
 export type ResourcePermissionType = {
   teamId: string;
   tmbId: string;

packages/service/support/permission/auth/openapi.ts

@@ -1,16 +1,12 @@
-import { AuthResponseType } from '@fastgpt/global/support/permission/type';
-import { AuthModeType } from '../type';
+import { AuthModeType, AuthResponseType } from '../type';
 import { OpenApiSchema } from '@fastgpt/global/support/openapi/type';
 import { parseHeaderCert } from '../controller';
 import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { MongoOpenApi } from '../../openapi/schema';
 import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
-import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
-import {
-  OwnerPermissionVal,
-  ReadPermissionVal,
-  WritePermissionVal
-} from '@fastgpt/global/support/permission/constant';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
+import { authAppByTmbId } from '../app/auth';
+import { Permission } from '@fastgpt/global/support/permission/controller';
 
 export async function authOpenApiKeyCrud({
   id,
@@ -26,39 +22,38 @@ export async function authOpenApiKeyCrud({
   const result = await parseHeaderCert(props);
   const { tmbId, teamId } = result;
 
-  const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
-
-  const { openapi, isOwner, canWrite } = await (async () => {
+  const { openapi, permission } = await (async () => {
     const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
-
     if (!openapi) {
       throw new Error(OpenApiErrEnum.unExist);
     }
 
-    const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
-    const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);
+    if (!!openapi.appId) {
+      // if is not global openapi, then auth app
+      const { app } = await authAppByTmbId({ appId: openapi.appId!, tmbId, per });
+      return {
+        permission: app.permission,
+        openapi
+      };
+    }
+    // if is global openapi, then auth openapi
+    const { permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
 
-    if (per === ReadPermissionVal && !canWrite) {
-      return Promise.reject(OpenApiErrEnum.unAuth);
-    }
-    if (per === WritePermissionVal && !canWrite) {
-      return Promise.reject(OpenApiErrEnum.unAuth);
-    }
-    if (per === OwnerPermissionVal && !isOwner) {
+    if (!tmbPer.checkPer(per) && tmbId !== String(openapi.tmbId)) {
       return Promise.reject(OpenApiErrEnum.unAuth);
     }
 
     return {
       openapi,
-      isOwner,
-      canWrite
+      permission: new Permission({
+        per
+      })
     };
   })();
 
   return {
     ...result,
     openapi,
-    isOwner,
-    canWrite
+    permission
   };
 }