refactor openapikey and outlink apis (#2134)

* refactor: OpenAPIKey refactor * refactor: outlink api refactor fix: list return wrong data * chore: remove deprecated type definition * chore: remove throw Error. instead of Promise.reject * fix: auth openapikey's owner * fix: manager could read all keys
2025-07-26 15:54:11 +00:00 · 2024-07-24 11:11:36 +08:00
parent a233ab9584
commit a478621730
12 changed files with 300 additions and 244 deletions
--- a/packages/global/common/error/code/openapi.ts
+++ b/packages/global/common/error/code/openapi.ts
@@ -3,7 +3,8 @@ import { ErrType } from '../errorCode';
 /* dataset: 506000 */
 export enum OpenApiErrEnum {
  unExist = 'openapiUnExist',
-  unAuth = 'openapiUnAuth'
+  unAuth = 'openapiUnAuth',
  exceedLimit = 'openapiExceedLimit'
 }
 const errList = [
  {
@@ -13,6 +14,10 @@ const errList = [
  {
    statusText: OpenApiErrEnum.unAuth,
    message: '无权操作该 Api Key'
  },
  {
    statusText: OpenApiErrEnum.exceedLimit,
    message: '最多 10 组 API 密钥'
  }
 ];
 export default errList.reduce((acc, cur, index) => {
--- a/packages/global/support/permission/type.d.ts
+++ b/packages/global/support/permission/type.d.ts
@@ -18,16 +18,6 @@ export type PermissionListType<T = {}> = Record<
  }
 >;
 export type AuthResponseType = {
  teamId: string;
  tmbId: string;
  isOwner: boolean;
  canWrite: boolean;
  authType?: `${AuthUserTypeEnum}`;
  appId?: string;
  apikey?: string;
 };
 export type ResourcePermissionType = {
  teamId: string;
  tmbId: string;
--- a/packages/service/support/permission/auth/openapi.ts
+++ b/packages/service/support/permission/auth/openapi.ts
@@ -1,16 +1,12 @@
-import { AuthResponseType } from '@fastgpt/global/support/permission/type';
+import { AuthModeType, AuthResponseType } from '../type';
 import { AuthModeType } from '../type';
 import { OpenApiSchema } from '@fastgpt/global/support/openapi/type';
 import { parseHeaderCert } from '../controller';
 import { getTmbInfoByTmbId } from '../../user/team/controller';
 import { MongoOpenApi } from '../../openapi/schema';
 import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
-import { TeamMemberRoleEnum } from '@fastgpt/global/support/user/team/constant';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
-import {
+import { authAppByTmbId } from '../app/auth';
-  OwnerPermissionVal,
+import { Permission } from '@fastgpt/global/support/permission/controller';
  ReadPermissionVal,
  WritePermissionVal
 } from '@fastgpt/global/support/permission/constant';
 export async function authOpenApiKeyCrud({
  id,
@@ -26,39 +22,38 @@ export async function authOpenApiKeyCrud({
  const result = await parseHeaderCert(props);
  const { tmbId, teamId } = result;
-  const { role, permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
+  const { openapi, permission } = await (async () => {
  const { openapi, isOwner, canWrite } = await (async () => {
    const openapi = await MongoOpenApi.findOne({ _id: id, teamId });
    if (!openapi) {
      throw new Error(OpenApiErrEnum.unExist);
    }
-    const isOwner = String(openapi.tmbId) === tmbId || role === TeamMemberRoleEnum.owner;
+    if (!!openapi.appId) {
-    const canWrite = isOwner || (String(openapi.tmbId) === tmbId && tmbPer.hasWritePer);
+      // if is not global openapi, then auth app
      const { app } = await authAppByTmbId({ appId: openapi.appId!, tmbId, per });
      return {
        permission: app.permission,
        openapi
      };
    }
    // if is global openapi, then auth openapi
    const { permission: tmbPer } = await getTmbInfoByTmbId({ tmbId });
-    if (per === ReadPermissionVal && !canWrite) {
+    if (!tmbPer.checkPer(per) && tmbId !== String(openapi.tmbId)) {
      return Promise.reject(OpenApiErrEnum.unAuth);
    }
    if (per === WritePermissionVal && !canWrite) {
      return Promise.reject(OpenApiErrEnum.unAuth);
    }
    if (per === OwnerPermissionVal && !isOwner) {
      return Promise.reject(OpenApiErrEnum.unAuth);
    }
    return {
      openapi,
-      isOwner,
+      permission: new Permission({
-      canWrite
+        per
      })
    };
  })();
  return {
    ...result,
    openapi,
-    isOwner,
+    permission
    canWrite
  };
 }
--- a/projects/app/src/pages/api/core/dataset/folder/create.ts
+++ b/projects/app/src/pages/api/core/dataset/folder/create.ts
@@ -0,0 +1,88 @@
 import type { ApiRequestProps, ApiResponseType } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
 import { MongoDataset } from '@fastgpt/service/core/dataset/schema';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
 import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
 import {
  PerResourceTypeEnum,
  WritePermissionVal
 } from '@fastgpt/global/support/permission/constant';
 import { authDataset } from '@fastgpt/service/support/permission/dataset/auth';
 import { mongoSessionRun } from '@fastgpt/service/common/mongo/sessionRun';
 import { parseParentIdInMongo } from '@fastgpt/global/common/parentFolder/utils';
 import { FolderImgUrl } from '@fastgpt/global/common/file/image/constants';
 import { DatasetTypeEnum } from '@fastgpt/global/core/dataset/constants';
 import { DatasetDefaultPermissionVal } from '@fastgpt/global/support/permission/dataset/constant';
 import { getResourceAllClbs } from '@fastgpt/service/support/permission/controller';
 import { syncCollaborators } from '@fastgpt/service/support/permission/inheritPermission';
 export type DatasetFolderCreateQuery = {};
 export type DatasetFolderCreateBody = {
  parentId?: string;
  name: string;
  intro: string;
 };
 export type DatasetFolderCreateResponse = {};
 async function handler(
  req: ApiRequestProps<DatasetFolderCreateBody, DatasetFolderCreateQuery>,
  _res: ApiResponseType<any>
 ): Promise<DatasetFolderCreateResponse> {
  const { parentId, name, intro } = req.body;
  if (!name) {
    return Promise.reject(CommonErrEnum.missingParams);
  }
  const { tmbId, teamId } = await authUserPer({
    req,
    per: WritePermissionVal,
    authToken: true
  });
  const parentFolder = await (async () => {
    if (parentId) {
      return (
        await authDataset({
          datasetId: parentId,
          per: WritePermissionVal,
          req,
          authToken: true
        })
      ).dataset;
    }
  })();
  await mongoSessionRun(async (session) => {
    const app = await MongoDataset.create({
      ...parseParentIdInMongo(parentId),
      avatar: FolderImgUrl,
      name,
      intro,
      teamId,
      tmbId,
      type: DatasetTypeEnum.folder,
      defaultPermission: !!parentFolder
        ? parentFolder.defaultPermission
        : DatasetDefaultPermissionVal
    });
    if (parentId) {
      const parentClbs = await getResourceAllClbs({
        teamId,
        resourceId: parentId,
        resourceType: PerResourceTypeEnum.dataset,
        session
      });
      await syncCollaborators({
        resourceType: PerResourceTypeEnum.dataset,
        teamId,
        resourceId: app._id,
        collaborators: parentClbs,
        session
      });
    }
  });
  return {};
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/openapi/create.ts
+++ b/projects/app/src/pages/api/support/openapi/create.ts
@@ -1,23 +1,42 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import { customAlphabet } from 'nanoid';
 import type { EditApiKeyProps } from '@/global/support/openapi/api';
 import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
 import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';
 import { getNanoid } from '@fastgpt/global/common/string/tools';
 import type { ApiRequestProps } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
 import {
  ManagePermissionVal,
  WritePermissionVal
 } from '@fastgpt/global/support/permission/constant';
 import { authApp } from '@fastgpt/service/support/permission/app/auth';
 import { OpenApiErrEnum } from '@fastgpt/global/common/error/code/openapi';
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+async function handler(req: ApiRequestProps<EditApiKeyProps>): Promise<string> {
-  try {
+  const { appId, name, limit } = req.body;
-    await connectToDatabase();
+  const { tmbId, teamId } = await (async () => {
-    const { appId, name, limit } = req.body as EditApiKeyProps;
+    if (!appId) {
-    const { teamId, tmbId } = await authUserPer({ req, authToken: true, per: WritePermissionVal });
+      // global apikey is being created, auth the tmb
      const { teamId, tmbId } = await authUserPer({
        req,
        authToken: true,
        per: WritePermissionVal
      });
      return { teamId, tmbId };
    } else {
      const { teamId, tmbId } = await authApp({
        req,
        per: ManagePermissionVal,
        appId,
        authToken: true
      });
      return { teamId, tmbId };
    }
  })();
  const count = await MongoOpenApi.find({ tmbId, appId }).countDocuments();
  if (count >= 10) {
-      throw new Error('最多 10 组 API 秘钥');
+    return Promise.reject(OpenApiErrEnum.exceedLimit);
  }
  const nanoid = getNanoid(Math.floor(Math.random() * 14) + 52);
@@ -31,14 +50,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    name,
    limit
  });
-
+  return apiKey;
    jsonRes(res, {
      data: apiKey
    });
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/openapi/delete.ts
+++ b/projects/app/src/pages/api/support/openapi/delete.ts
@@ -4,6 +4,7 @@ import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
 import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  try {
@@ -11,7 +12,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    const { id } = req.query as { id: string };
    if (!id) {
-      throw new Error('缺少参数');
+      return Promise.reject(CommonErrEnum.missingParams);
    }
    await authOpenApiKeyCrud({ req, authToken: true, id, per: OwnerPermissionVal });
--- a/projects/app/src/pages/api/support/openapi/list.ts
+++ b/projects/app/src/pages/api/support/openapi/list.ts
@@ -1,18 +1,16 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import type { GetApiKeyProps } from '@/global/support/openapi/api';
 import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
 import { authApp } from '@fastgpt/service/support/permission/app/auth';
 import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
 import type { ApiRequestProps } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+async function handler(req: ApiRequestProps<any, GetApiKeyProps>) {
-  try {
+  const { appId } = req.query;
    await connectToDatabase();
    const { appId } = req.query as GetApiKeyProps;
  if (appId) {
    // app-level apikey
    await authApp({
      req,
      authToken: true,
@@ -24,30 +22,21 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
      appId
    }).sort({ _id: -1 });
-      return jsonRes(res, {
+    return findResponse.map((item) => item.toObject());
        data: findResponse.map((item) => item.toObject())
      });
  }
-
+  // global apikey
  const { teamId, tmbId, permission } = await authUserPer({
    req,
-      authToken: true,
+    authToken: true
      per: ManagePermissionVal
  });
  const findResponse = await MongoOpenApi.find({
    appId,
    teamId,
-      ...(!permission.isOwner && { tmbId })
+    ...(!permission.hasManagePer && { tmbId }) // if not manager, read own key
  }).sort({ _id: -1 });
-    return jsonRes(res, {
+  return findResponse.map((item) => item.toObject());
      data: findResponse.map((item) => item.toObject())
    });
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/openapi/update.ts
+++ b/projects/app/src/pages/api/support/openapi/update.ts
@@ -1,15 +1,12 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import type { EditApiKeyProps } from '@/global/support/openapi/api.d';
 import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
 import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
 import type { ApiRequestProps } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+async function handler(req: ApiRequestProps<EditApiKeyProps & { _id: string }>): Promise<void> {
-  try {
+  const { _id, name, limit } = req.body;
    await connectToDatabase();
    const { _id, name, limit } = req.body as EditApiKeyProps & { _id: string };
  await authOpenApiKeyCrud({ req, authToken: true, id: _id, per: OwnerPermissionVal });
@@ -17,12 +14,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    ...(name && { name }),
    ...(limit && { limit })
  });
    jsonRes(res);
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/outLink/create.ts
+++ b/projects/app/src/pages/api/support/outLink/create.ts
@@ -1,29 +1,33 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
 import { authApp } from '@fastgpt/service/support/permission/app/auth';
 import type { OutLinkEditType } from '@fastgpt/global/support/outLink/type.d';
 import { customAlphabet } from 'nanoid';
 import { PublishChannelEnum } from '@fastgpt/global/support/outLink/constant';
-import { WritePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
-const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz1234567890', 24);
+import type { ApiRequestProps } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
 /* create a shareChat */
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz1234567890', 24);
-  try {
+
-    await connectToDatabase();
+export type OutLinkCreateQuery = {};
-    const { appId, ...props } = req.body as OutLinkEditType &
+export type OutLinkCreateBody = OutLinkEditType &
  OutLinkEditType & {
    appId: string;
    type: PublishChannelEnum;
  };
 export type OutLinkCreateResponse = string;
 async function handler(
  req: ApiRequestProps<OutLinkCreateBody, OutLinkCreateQuery>
 ): Promise<OutLinkCreateResponse> {
  const { appId, ...props } = req.body;
  const { teamId, tmbId } = await authApp({
    req,
    authToken: true,
    appId,
-      per: WritePermissionVal
+    per: ManagePermissionVal
  });
  const shareId = nanoid();
@@ -35,13 +39,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    ...props
  });
-    jsonRes(res, {
+  return shareId;
      data: shareId
    });
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/outLink/delete.ts
+++ b/projects/app/src/pages/api/support/outLink/delete.ts
@@ -1,28 +1,23 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
 import { authOutLinkCrud } from '@fastgpt/service/support/permission/publish/authLink';
-import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
 import type { ApiRequestProps } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
 export type OutLinkDeleteQuery = {
  id: string;
 };
 export type OutLinkDeleteBody = {};
 export type OutLinkDeleteResponse = {};
 /* delete a shareChat by shareChatId */
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+async function handler(
-  try {
+  req: ApiRequestProps<OutLinkDeleteBody, OutLinkDeleteQuery>
-    await connectToDatabase();
+): Promise<OutLinkDeleteResponse> {
-
+  const { id } = req.query;
-    const { id } = req.query as {
+  await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: OwnerPermissionVal });
      id: string;
    };
    await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: ManagePermissionVal });
  await MongoOutLink.findByIdAndRemove(id);
-
+  return {};
    jsonRes(res);
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/outLink/list.ts
+++ b/projects/app/src/pages/api/support/outLink/list.ts
@@ -1,20 +1,20 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
 import { authApp } from '@fastgpt/service/support/permission/app/auth';
 import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
-
+import type { ApiRequestProps } from '@fastgpt/service/type/next';
-/* get shareChat list by appId */
+import { NextAPI } from '@/service/middleware/entry';
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+import { OutLinkSchema } from '@fastgpt/global/support/outLink/type';
-  try {
+export type OutLinkListQuery = {
    await connectToDatabase();
    const { appId, type } = req.query as {
  appId: string;
  type: string;
-    };
+};
 export type OutLinkListBody = {};
 export type OutLinkListResponse = OutLinkSchema[];
 async function handler(
  req: ApiRequestProps<OutLinkListBody, OutLinkListQuery>
 ): Promise<OutLinkListResponse> {
  const { appId, type } = req.query;
  await authApp({
    req,
    authToken: true,
@@ -29,11 +29,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    _id: -1
  });
-    jsonRes(res, { data });
+  return data;
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);
--- a/projects/app/src/pages/api/support/outLink/update.ts
+++ b/projects/app/src/pages/api/support/outLink/update.ts
@@ -1,34 +1,31 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 import { jsonRes } from '@fastgpt/service/common/response';
 import { connectToDatabase } from '@/service/mongo';
 import { MongoOutLink } from '@fastgpt/service/support/outLink/schema';
 import type { OutLinkEditType } from '@fastgpt/global/support/outLink/type.d';
 import { authOutLinkCrud } from '@fastgpt/service/support/permission/publish/authLink';
-import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
 import type { ApiRequestProps } from '@fastgpt/service/type/next';
 import { NextAPI } from '@/service/middleware/entry';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+export type OutLinkUpdateQuery = {};
-  try {
+export type OutLinkUpdateBody = OutLinkEditType & {};
-    await connectToDatabase();
+export type OutLinkUpdateResponse = {};
-    const { _id, name, responseDetail, limit } = req.body as OutLinkEditType & {};
+async function handler(
  req: ApiRequestProps<OutLinkUpdateBody, OutLinkUpdateQuery>
 ): Promise<OutLinkUpdateResponse> {
  const { _id, name, responseDetail, limit } = req.body;
  if (!_id) {
-      throw new Error('_id is required');
+    return Promise.reject(CommonErrEnum.missingParams);
  }
-    await authOutLinkCrud({ req, outLinkId: _id, authToken: true, per: ManagePermissionVal });
+  await authOutLinkCrud({ req, outLinkId: _id, authToken: true, per: OwnerPermissionVal });
  await MongoOutLink.findByIdAndUpdate(_id, {
    name,
    responseDetail,
    limit
  });
-
+  return {};
    jsonRes(res);
  } catch (err) {
    jsonRes(res, {
      code: 500,
      error: err
    });
  }
 }
 export default NextAPI(handler);