Commit d0792ee3 authored by Eric's avatar Eric

[update] add download\upload\connect action pem validate

parent 04326cc4
...@@ -116,6 +116,11 @@ func (fs *sftpHandler) Filelist(r *sftp.Request) (sftp.ListerAt, error) { ...@@ -116,6 +116,11 @@ func (fs *sftpHandler) Filelist(r *sftp.Request) (sftp.ListerAt, error) {
return nil, sftp.ErrSshFxNoSuchFile return nil, sftp.ErrSshFxNoSuchFile
} }
realPath = sysUserDir.ParsePath(r.Filepath) realPath = sysUserDir.ParsePath(r.Filepath)
if !fs.validatePermission(hostDir.asset.ID, sysUserDir.systemUser.ID, model.ConnectAction) {
return nil, sftp.ErrSshFxPermissionDenied
}
if sysUserDir.client == nil { if sysUserDir.client == nil {
client, conn, err := fs.GetSftpClient(hostDir.asset, sysUserDir.systemUser) client, conn, err := fs.GetSftpClient(hostDir.asset, sysUserDir.systemUser)
if err != nil { if err != nil {
...@@ -155,6 +160,11 @@ func (fs *sftpHandler) Filecmd(r *sftp.Request) (err error) { ...@@ -155,6 +160,11 @@ func (fs *sftpHandler) Filecmd(r *sftp.Request) (err error) {
} }
hostDir := fs.hosts[pathNames[0]] hostDir := fs.hosts[pathNames[0]]
suDir := hostDir.suMaps[pathNames[1]] suDir := hostDir.suMaps[pathNames[1]]
if !fs.validatePermission(hostDir.asset.ID, suDir.systemUser.ID, model.ConnectAction) {
return sftp.ErrSshFxPermissionDenied
}
if suDir.client == nil { if suDir.client == nil {
client, conn, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser) client, conn, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser)
if err != nil { if err != nil {
...@@ -210,6 +220,11 @@ func (fs *sftpHandler) Filewrite(r *sftp.Request) (io.WriterAt, error) { ...@@ -210,6 +220,11 @@ func (fs *sftpHandler) Filewrite(r *sftp.Request) (io.WriterAt, error) {
} }
hostDir := fs.hosts[pathNames[0]] hostDir := fs.hosts[pathNames[0]]
suDir := hostDir.suMaps[pathNames[1]] suDir := hostDir.suMaps[pathNames[1]]
if !fs.validatePermission(hostDir.asset.ID, suDir.systemUser.ID, model.UploadAction) {
return nil, sftp.ErrSshFxPermissionDenied
}
if suDir.client == nil { if suDir.client == nil {
client, conn, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser) client, conn, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser)
if err != nil { if err != nil {
...@@ -246,6 +261,9 @@ func (fs *sftpHandler) Fileread(r *sftp.Request) (io.ReaderAt, error) { ...@@ -246,6 +261,9 @@ func (fs *sftpHandler) Fileread(r *sftp.Request) (io.ReaderAt, error) {
} }
hostDir := fs.hosts[pathNames[0]] hostDir := fs.hosts[pathNames[0]]
suDir := hostDir.suMaps[pathNames[1]] suDir := hostDir.suMaps[pathNames[1]]
if !fs.validatePermission(hostDir.asset.ID, suDir.systemUser.ID, model.DownloadAction) {
return nil, sftp.ErrSshFxPermissionDenied
}
if suDir.client == nil { if suDir.client == nil {
ftpClient, client, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser) ftpClient, client, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser)
if err != nil { if err != nil {
...@@ -312,6 +330,12 @@ func (fs *sftpHandler) Close() { ...@@ -312,6 +330,12 @@ func (fs *sftpHandler) Close() {
} }
} }
func (fs *sftpHandler) validatePermission(aid, suid, operate string) bool {
return service.ValidateUserAssetPermission(
fs.user.ID, aid, suid, operate,
)
}
type HostNameDir struct { type HostNameDir struct {
rootPath string rootPath string
hostname string hostname string
......
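Review bot: In the Filecmd hunk the new guard requires only `model.ConnectAction`, yet Filecmd is the entry point for the mutating SFTP requests (rename, remove, rmdir, mkdir, symlink, setstat in the pkg/sftp request server), so a user whose upload permission has been revoked can still delete or rename files on the asset while `Filewrite` correctly demands `model.UploadAction`. If upload is meant to cover every write to the remote filesystem, derive the action from the request, e.g. `action := model.ConnectAction` followed by `if r.Method != "Setstat" && r.Method != "Stat" { action = model.UploadAction }` before the `validatePermission` call; if connect-only users are intentionally allowed to mutate, a comment saying so would stop the next reader from "fixing" it. Every call goes through `service.ValidateUserAssetPermission` and treats any false as a denial, which is fail-closed only if that helper returns false on transport or server errors rather than panicking or defaulting to true — worth confirming since it now sits in front of every list, read and write. The bodies of Filelist, Filecmd, Filewrite and Fileread all begin and end outside these hunks, so any earlier `ok` checks on the `fs.hosts`/`suMaps` lookups are not visible here.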
...@@ -117,6 +117,9 @@ func (u *UserVolume) Info(path string) (elfinder.FileDir, error) { ...@@ -117,6 +117,9 @@ func (u *UserVolume) Info(path string) (elfinder.FileDir, error) {
if path == sysUserVol.suPath { if path == sysUserVol.suPath {
return sysUserVol.info(), nil return sysUserVol.info(), nil
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(path) realPath := sysUserVol.ParsePath(path)
if sysUserVol.client == nil { if sysUserVol.client == nil {
...@@ -261,6 +264,11 @@ func (u *UserVolume) GetFile(path string) (reader io.ReadCloser, err error) { ...@@ -261,6 +264,11 @@ func (u *UserVolume) GetFile(path string) (reader io.ReadCloser, err error) {
if !ok { if !ok {
return nil, os.ErrNotExist return nil, os.ErrNotExist
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.DownloadAction) {
return nil, os.ErrPermission
}
realPath := sysUserVol.ParsePath(path) realPath := sysUserVol.ParsePath(path)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -337,6 +345,9 @@ func (u *UserVolume) UploadFile(dir, filename string, reader io.Reader) (elfinde ...@@ -337,6 +345,9 @@ func (u *UserVolume) UploadFile(dir, filename string, reader io.Reader) (elfinde
} }
realFilenamePath := filepath.Join(realPath, filename) realFilenamePath := filepath.Join(realPath, filename)
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.UploadAction) {
return rest, os.ErrPermission
}
fd, err := sysUserVol.client.Create(realFilenamePath) fd, err := sysUserVol.client.Create(realFilenamePath)
if err != nil { if err != nil {
...@@ -416,6 +427,16 @@ func (u *UserVolume) MergeChunk(cid, total int, dirPath, filename string) (elfin ...@@ -416,6 +427,16 @@ func (u *UserVolume) MergeChunk(cid, total int, dirPath, filename string) (elfin
if !ok { if !ok {
return rest, os.ErrNotExist return rest, os.ErrNotExist
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.UploadAction) {
for i := 0; i <= total; i++ {
partPath := fmt.Sprintf("%s.%d_%d.part_%d",
filepath.Join(u.localTmpPath, dirPath, filename), i, total, cid)
_ = os.Remove(partPath)
}
return rest, os.ErrPermission
}
realDirPath := sysUserVol.ParsePath(dirPath) realDirPath := sysUserVol.ParsePath(dirPath)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -511,6 +532,11 @@ func (u *UserVolume) MakeDir(dir, newDirname string) (elfinder.FileDir, error) { ...@@ -511,6 +532,11 @@ func (u *UserVolume) MakeDir(dir, newDirname string) (elfinder.FileDir, error) {
if !ok { if !ok {
return rest, os.ErrNotExist return rest, os.ErrNotExist
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(dir) realPath := sysUserVol.ParsePath(dir)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -574,6 +600,11 @@ func (u *UserVolume) MakeFile(dir, newFilename string) (elfinder.FileDir, error) ...@@ -574,6 +600,11 @@ func (u *UserVolume) MakeFile(dir, newFilename string) (elfinder.FileDir, error)
if !ok { if !ok {
return rest, os.ErrNotExist return rest, os.ErrNotExist
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(dir) realPath := sysUserVol.ParsePath(dir)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -633,6 +664,10 @@ func (u *UserVolume) Rename(oldNamePath, newName string) (elfinder.FileDir, erro ...@@ -633,6 +664,10 @@ func (u *UserVolume) Rename(oldNamePath, newName string) (elfinder.FileDir, erro
return rest, os.ErrPermission return rest, os.ErrPermission
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(oldNamePath) realPath := sysUserVol.ParsePath(oldNamePath)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -698,6 +733,11 @@ func (u *UserVolume) Remove(path string) error { ...@@ -698,6 +733,11 @@ func (u *UserVolume) Remove(path string) error {
if sysUserVol.suPath == path { if sysUserVol.suPath == path {
return os.ErrPermission return os.ErrPermission
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return os.ErrPermission
}
realPath := sysUserVol.ParsePath(path) realPath := sysUserVol.ParsePath(path)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -760,6 +800,10 @@ func (u *UserVolume) Paste(dir, filename, suffix string, reader io.ReadCloser) ( ...@@ -760,6 +800,10 @@ func (u *UserVolume) Paste(dir, filename, suffix string, reader io.ReadCloser) (
if !ok { if !ok {
return rest, os.ErrNotExist return rest, os.ErrNotExist
} }
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.UploadAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(dir) realPath := sysUserVol.ParsePath(dir)
if sysUserVol.client == nil { if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser) sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
...@@ -846,6 +890,12 @@ func (u *UserVolume) CreateFTPLog(data *model.FTPLog) { ...@@ -846,6 +890,12 @@ func (u *UserVolume) CreateFTPLog(data *model.FTPLog) {
} }
} }
func (u *UserVolume) validatePermission(aid, suid, operate string) bool {
return service.ValidateUserAssetPermission(
u.user.ID, aid, suid, operate,
)
}
type hostnameVolume struct { type hostnameVolume struct {
VID string VID string
homePath string homePath string
......
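Review bot: In the MergeChunk hunk the upload permission is only evaluated at merge time, after every chunk has already been written under `u.localTmpPath` by the chunk-upload path (not part of this diff), so a user without `model.UploadAction` can still fill local disk with chunk data and only loses it when the merge is refused; the same check belongs in the chunk-write handler, and the cleanup loop here should then be kept as a backstop. The cleanup also joins the caller-supplied `dirPath` and `filename` straight into `filepath.Join(u.localTmpPath, dirPath, filename)` and runs `os.Remove` on the result; the fixed `.%d_%d.part_%d` suffix bounds what can be removed, but if the chunk writer does not already clean these inputs, a `..` segment in `dirPath` resolves outside the temp directory, so confirm that path is sanitised before relying on this loop. Whether chunk indices run `0..total` or `1..total` is not visible here, so the inclusive `i <= total` bound may either miss or double-visit one part; a comment stating the chunk numbering, e.g. `// parts are numbered 0..total inclusive, matching UploadChunk`, would pin it. MergeChunk and the other edited methods start and end outside their hunks.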
...@@ -178,6 +178,12 @@ func SortAssetNodesByKey(assetNodes []Node) { ...@@ -178,6 +178,12 @@ func SortAssetNodesByKey(assetNodes []Node) {
const LoginModeManual = "manual" const LoginModeManual = "manual"
const (
ConnectAction = "connect"
UploadAction = "upload_file"
DownloadAction = "download_file"
)
type SystemUser struct { type SystemUser struct {
ID string `json:"id"` ID string `json:"id"`
Name string `json:"name"` Name string `json:"name"`
......
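Review bot: The new exported `ConnectAction`/`UploadAction`/`DownloadAction` constants carry no doc comment, although they are the only values passed as the `operate` argument to `ValidateUserAssetPermission` in both handlers and their string forms presumably have to match what the permission service expects. A short block comment above the `const (` line such as `// Permission actions checked via service.ValidateUserAssetPermission; the string values are the server-side action names and must not be changed independently.` would record that coupling. The enclosing model file continues outside the hunk.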