mirror of
https://github.com/labring/FastGPT.git
synced 2025-07-24 13:53:50 +00:00

* Revert "lafAccount add pat & re request when token invalid (#76)" (#77) This reverts commit 83d85dfe37adcaef4833385ea52ee79fd84720be. * perf: workflow ux * system config * Newflow (#89) * docs: Add doc for Xinference (#1266) Signed-off-by: Carson Yang <yangchuansheng33@gmail.com> * Revert "lafAccount add pat & re request when token invalid (#76)" (#77) This reverts commit 83d85dfe37adcaef4833385ea52ee79fd84720be. * perf: workflow ux * system config * Revert "lafAccount add pat & re request when token invalid (#76)" (#77) This reverts commit 83d85dfe37adcaef4833385ea52ee79fd84720be. * Revert "lafAccount add pat & re request when token invalid (#76)" (#77) This reverts commit 83d85dfe37adcaef4833385ea52ee79fd84720be. * Revert "lafAccount add pat & re request when token invalid (#76)" (#77) This reverts commit 83d85dfe37adcaef4833385ea52ee79fd84720be. * rename code * move code * update flow * input type selector * perf: workflow runtime * feat: node adapt newflow * feat: adapt plugin * feat: 360 connection * check workflow * perf: flow 性能 * change plugin input type (#81) * change plugin input type * plugin label mode * perf: nodecard * debug * perf: debug ui * connection ui * change workflow ui (#82) * feat: workflow debug * adapt openAPI for new workflow (#83) * adapt openAPI for new workflow * i18n * perf: plugin debug * plugin input ui * delete * perf: global variable select * fix rebase * perf: workflow performance * feat: input render type icon * input icon * adapt flow (#84) * adapt newflow * temp * temp * fix * feat: app schedule trigger * feat: app schedule trigger * perf: schedule ui * feat: ioslatevm run js code * perf: workflow varialbe table ui * feat: adapt simple mode * feat: adapt input params * output * feat: adapt tamplate * fix: ts * add if-else module (#86) * perf: worker * if else node * perf: tiktoken worker * fix: ts * perf: tiktoken * fix if-else node (#87) * fix if-else node * type * fix * perf: audio render * perf: Parallel worker * log * perf: if else node * adapt plugin * prompt * perf: reference ui * reference ui * handle ux * template ui and plugin tool * adapt v1 workflow * adapt v1 workflow completions * perf: time variables * feat: workflow keyboard shortcuts * adapt v1 workflow * update workflow example doc (#88) * fix: simple mode select tool --------- Signed-off-by: Carson Yang <yangchuansheng33@gmail.com> Co-authored-by: Carson Yang <yangchuansheng33@gmail.com> Co-authored-by: heheer <71265218+newfish-cmyk@users.noreply.github.com> * doc * perf: extract node * extra node field * update plugin version * doc * variable * change doc & fix prompt editor (#90) * fold workflow code * value type label --------- Signed-off-by: Carson Yang <yangchuansheng33@gmail.com> Co-authored-by: Carson Yang <yangchuansheng33@gmail.com> Co-authored-by: heheer <71265218+newfish-cmyk@users.noreply.github.com>
221 lines
5.7 KiB
TypeScript
221 lines
5.7 KiB
TypeScript
import Cookie from 'cookie';
|
|
import { ERROR_ENUM } from '@fastgpt/global/common/error/errorCode';
|
|
import jwt from 'jsonwebtoken';
|
|
import { NextApiResponse } from 'next';
|
|
import type { AuthModeType, ReqHeaderAuthType } from './type.d';
|
|
import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';
|
|
import { authOpenApiKey } from '../openapi/auth';
|
|
import { FileTokenQuery } from '@fastgpt/global/common/file/type';
|
|
|
|
/* create token */
|
|
export function createJWT(user: { _id?: string; team?: { teamId?: string; tmbId: string } }) {
|
|
const key = process.env.TOKEN_KEY as string;
|
|
const token = jwt.sign(
|
|
{
|
|
userId: String(user._id),
|
|
teamId: String(user.team?.teamId),
|
|
tmbId: String(user.team?.tmbId),
|
|
exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 7
|
|
},
|
|
key
|
|
);
|
|
return token;
|
|
}
|
|
|
|
// auth token
|
|
export function authJWT(token: string) {
|
|
return new Promise<{
|
|
userId: string;
|
|
teamId: string;
|
|
tmbId: string;
|
|
}>((resolve, reject) => {
|
|
const key = process.env.TOKEN_KEY as string;
|
|
|
|
jwt.verify(token, key, function (err, decoded: any) {
|
|
if (err || !decoded?.userId) {
|
|
reject(ERROR_ENUM.unAuthorization);
|
|
return;
|
|
}
|
|
|
|
resolve({
|
|
userId: decoded.userId,
|
|
teamId: decoded.teamId || '',
|
|
tmbId: decoded.tmbId
|
|
});
|
|
});
|
|
});
|
|
}
|
|
|
|
export async function parseHeaderCert({
|
|
req,
|
|
authToken = false,
|
|
authRoot = false,
|
|
authApiKey = false
|
|
}: AuthModeType) {
|
|
// parse jwt
|
|
async function authCookieToken(cookie?: string, token?: string) {
|
|
// 获取 cookie
|
|
const cookies = Cookie.parse(cookie || '');
|
|
const cookieToken = token || cookies.token;
|
|
|
|
if (!cookieToken) {
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
}
|
|
|
|
return await authJWT(cookieToken);
|
|
}
|
|
// from authorization get apikey
|
|
async function parseAuthorization(authorization?: string) {
|
|
if (!authorization) {
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
}
|
|
|
|
// Bearer fastgpt-xxxx-appId
|
|
const auth = authorization.split(' ')[1];
|
|
if (!auth) {
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
}
|
|
|
|
const { apikey, appId: authorizationAppid = '' } = await (async () => {
|
|
const arr = auth.split('-');
|
|
// abandon
|
|
if (arr.length === 3) {
|
|
return {
|
|
apikey: `${arr[0]}-${arr[1]}`,
|
|
appId: arr[2]
|
|
};
|
|
}
|
|
if (arr.length === 2) {
|
|
return {
|
|
apikey: auth
|
|
};
|
|
}
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
})();
|
|
|
|
// auth apikey
|
|
const { teamId, tmbId, appId: apiKeyAppId = '' } = await authOpenApiKey({ apikey });
|
|
|
|
return {
|
|
uid: '',
|
|
teamId,
|
|
tmbId,
|
|
apikey,
|
|
appId: apiKeyAppId || authorizationAppid
|
|
};
|
|
}
|
|
// root user
|
|
async function parseRootKey(rootKey?: string) {
|
|
if (!rootKey || !process.env.ROOT_KEY || rootKey !== process.env.ROOT_KEY) {
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
}
|
|
}
|
|
|
|
const { cookie, token, rootkey, authorization } = (req.headers || {}) as ReqHeaderAuthType;
|
|
|
|
const { uid, teamId, tmbId, appId, openApiKey, authType } = await (async () => {
|
|
if (authApiKey && authorization) {
|
|
// apikey from authorization
|
|
const authResponse = await parseAuthorization(authorization);
|
|
return {
|
|
uid: authResponse.uid,
|
|
teamId: authResponse.teamId,
|
|
tmbId: authResponse.tmbId,
|
|
appId: authResponse.appId,
|
|
openApiKey: authResponse.apikey,
|
|
authType: AuthUserTypeEnum.apikey
|
|
};
|
|
}
|
|
if (authToken && (token || cookie)) {
|
|
// user token(from fastgpt web)
|
|
const res = await authCookieToken(cookie, token);
|
|
return {
|
|
uid: res.userId,
|
|
teamId: res.teamId,
|
|
tmbId: res.tmbId,
|
|
appId: '',
|
|
openApiKey: '',
|
|
authType: AuthUserTypeEnum.token
|
|
};
|
|
}
|
|
if (authRoot && rootkey) {
|
|
await parseRootKey(rootkey);
|
|
// root user
|
|
return {
|
|
uid: '',
|
|
teamId: '',
|
|
tmbId: '',
|
|
appId: '',
|
|
openApiKey: '',
|
|
authType: AuthUserTypeEnum.root
|
|
};
|
|
}
|
|
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
})();
|
|
|
|
if (!authRoot && (!teamId || !tmbId)) {
|
|
return Promise.reject(ERROR_ENUM.unAuthorization);
|
|
}
|
|
|
|
return {
|
|
userId: String(uid),
|
|
teamId: String(teamId),
|
|
tmbId: String(tmbId),
|
|
appId,
|
|
authType,
|
|
apikey: openApiKey
|
|
};
|
|
}
|
|
|
|
/* set cookie */
|
|
export const setCookie = (res: NextApiResponse, token: string) => {
|
|
res.setHeader(
|
|
'Set-Cookie',
|
|
`token=${token}; Path=/; HttpOnly; Max-Age=604800; Samesite=Strict; Secure;`
|
|
);
|
|
};
|
|
/* clear cookie */
|
|
export const clearCookie = (res: NextApiResponse) => {
|
|
res.setHeader('Set-Cookie', 'token=; Path=/; Max-Age=0');
|
|
};
|
|
|
|
/* file permission */
|
|
export const createFileToken = (data: FileTokenQuery) => {
|
|
if (!process.env.FILE_TOKEN_KEY) {
|
|
return Promise.reject('System unset FILE_TOKEN_KEY');
|
|
}
|
|
const expiredTime = Math.floor(Date.now() / 1000) + 60 * 30;
|
|
|
|
const key = process.env.FILE_TOKEN_KEY as string;
|
|
const token = jwt.sign(
|
|
{
|
|
...data,
|
|
exp: expiredTime
|
|
},
|
|
key
|
|
);
|
|
return Promise.resolve(token);
|
|
};
|
|
|
|
export const authFileToken = (token?: string) =>
|
|
new Promise<FileTokenQuery>((resolve, reject) => {
|
|
if (!token) {
|
|
return reject(ERROR_ENUM.unAuthFile);
|
|
}
|
|
const key = process.env.FILE_TOKEN_KEY as string;
|
|
|
|
jwt.verify(token, key, function (err, decoded: any) {
|
|
if (err || !decoded.bucketName || !decoded?.teamId || !decoded?.tmbId || !decoded?.fileId) {
|
|
reject(ERROR_ENUM.unAuthFile);
|
|
return;
|
|
}
|
|
resolve({
|
|
bucketName: decoded.bucketName,
|
|
teamId: decoded.teamId,
|
|
tmbId: decoded.tmbId,
|
|
fileId: decoded.fileId
|
|
});
|
|
});
|
|
});
|