[Update] 优化结构

f8bee143 · ibuler · a0f50731 · f8bee143 · a0f50731 · f8bee143
Commit f8bee143 authored Apr 19, 2019 by ibuler
23 changed files
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -17,6 +17,14 @@
  revision = "4b72c663cfb315ecfb9f6be5c106c0c693ce196b"
  version = "v0.1.3"

+[[projects]]
+  digest = "1:e77a03f1e4f1e4e035e46dc3cd79b1e33acbf651540aaa5e148caf1296884d18"
+  name = "github.com/jarcoal/httpmock"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "e598472b238f5d2a505e1316886da2171f86bfa4"
+  version = "v1.0.3"
+
 [[projects]]
  digest = "1:31e761d97c76151dde79e9d28964a812c46efc5baee4085b86f68f0c654450de"
  name = "github.com/konsorten/go-windows-terminal-sequences"
@@ -107,6 +115,7 @@
  analyzer-version = 1
  input-imports = [
    "github.com/gliderlabs/ssh",
+    "github.com/jarcoal/httpmock",
    "github.com/olekukonko/tablewriter",
    "github.com/satori/go.uuid",
    "github.com/sirupsen/logrus",

--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
-package auth
-
-import "fmt"
-
-type accessAuth struct {
-	accessKey    string
-	accessSecret string
-}
-
-func (a accessAuth) Signature(date string) string {
-	return fmt.Sprintf("Sign %s:%s", a.accessKey, MakeSignature(a.accessSecret, date))
-}
--- a/pkg/auth/server.go
+++ b/pkg/auth/server.go
+package auth
+
+import (
+	"github.com/gliderlabs/ssh"
+
+	"cocogo/pkg/common"
+	"cocogo/pkg/service"
+)
+
+func CheckUserPublicKey(ctx ssh.Context, key ssh.PublicKey) bool {
+	username := ctx.User()
+	b := key.Marshal()
+	publicKeyBase64 := common.Base64Encode(string(b))
+	remoteAddr := ctx.RemoteAddr().String()
+	authUser, err := service.CheckAuth(username, "", publicKeyBase64, remoteAddr, "T")
+	if err != nil {
+		return false
+	}
+	ctx.SetValue("LoginUser", authUser)
+	return true
+
+}
--- a/pkg/auth/urls.go
+++ b/pkg/auth/urls.go
-package auth
-
-const (
-	TerminalRegisterUrl    = "/api/terminal/v2/terminal-registrations/"          // 注册当前coco
-	TerminalConfigUrl      = "/api/terminal/v1/terminal/config/"                 // 从jumpserver获取coco的配置
-	UserAuthUrl            = "/api/users/v1/auth/"                               // post 验证用户登陆
-	UserProfileUrl         = "/api/users/v1/profile/"                            // 获取当前用户的基本信息
-	UserAssetsUrl          = "/api/perms/v1/user/%s/assets/"                     //获取用户授权的所有资产
-	UserNodesAssetsUrl     = "/api/perms/v1/user/%s/nodes-assets/"               // 获取用户授权的所有节点信息 节点分组
-	SystemUserAssetAuthUrl = "/api/assets/v1/system-user/%s/asset/%s/auth-info/" // 该系统用户对某资产的授权
-	SystemUserAuthUrl      = "/api/assets/v1/system-user/%s/auth-info/"          // 该系统用户的授权
-
-	ValidateUserAssetPermission = "/api/perms/v1/asset-permission/user/validate/" //0不使用缓存 1 使用缓存 2 刷新缓存
-
-	SessionList   = "/api/terminal/v1/sessions/"           //上传创建的资产会话session id
-	SessionDetail = "/api/terminal/v1/sessions/%s/"        // finish session的时候发送
-	SessionReplay = "/api/terminal/v1/sessions/%s/replay/" //上传录像
-)
-
-/*
-/api/assets/v1/system-user/%s/asset/%s/auth-info/
-/api/assets/v1/system-user/fbd39f8c-fa3e-4c2b-948e-ce1e0380b4f9/cmd-filter-rules/
-*/
--- a/pkg/common/client.go
+++ b/pkg/common/client.go
+package common
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	neturl "net/url"
+	"reflect"
+	"strings"
+	"time"
+)
+
+type Client struct {
+	Timeout       time.Duration
+	Headers       map[string]string
+	BaseHost      string
+	basicAuth     []string
+	authorization string
+	cookie        map[string]string
+}
+
+func NewClient() *Client {
+	headers := make(map[string]string, 1)
+	return &Client{
+		Timeout: 30,
+		Headers: headers,
+		cookie:  make(map[string]string, 0),
+	}
+}
+
+func (c *Client) SetBasicAuth(username, password string) {
+	c.basicAuth = append(c.basicAuth, username)
+	c.basicAuth = append(c.basicAuth, password)
+}
+
+func (c *Client) SetAuth(authorization string) {
+	c.authorization = authorization
+}
+
+func (c *Client) SetCookie(k, v string) {
+	c.cookie[k] = v
+}
+
+func (c *Client) marshalData(data interface{}) (reader io.Reader, error error) {
+	dataRaw, err := json.Marshal(data)
+	if err != nil {
+		return
+	}
+	reader = bytes.NewReader(dataRaw)
+	return
+}
+
+func (c *Client) ParseUrl(url string) string {
+	return url
+}
+
+func (c *Client) ConstructUrl(url string) string {
+	if c.BaseHost != "" {
+		url = strings.TrimRight(c.BaseHost, "/") + url
+	}
+	return url
+}
+
+func (c *Client) NewRequest(method, url string, body interface{}) (req *http.Request, err error) {
+	url = c.ConstructUrl(url)
+	reader, err := c.marshalData(body)
+	if err != nil {
+		return
+	}
+	return http.NewRequest(method, url, reader)
+}
+
+// Do wrapper http.Client Do() for using auth and error handle
+func (c *Client) Do(req *http.Request, res interface{}) (err error) {
+	// Custom our client
+	client := http.DefaultClient
+	client.Timeout = c.Timeout * time.Second
+	if len(c.basicAuth) == 2 {
+		req.SetBasicAuth(c.basicAuth[0], c.basicAuth[1])
+	}
+	if c.authorization != "" {
+		req.Header.Add("Authorization", c.authorization)
+	}
+	if len(c.cookie) != 0 {
+		cookie := make([]string, 0)
+		for k, v := range c.cookie {
+			cookie = append(cookie, fmt.Sprintf("%s=%s", k, v))
+		}
+		req.Header.Add("Cookie", strings.Join(cookie, ";"))
+	}
+	if len(c.Headers) != 0 {
+		for k, v := range c.Headers {
+			req.Header.Set(k, v)
+		}
+	}
+	if req.Header.Get("Content-Type") == "" {
+		req.Header.Set("Content-Type", "application/json")
+	}
+	req.Header.Set("User-Agent", "coco-client")
+
+	// Request it
+	resp, err := client.Do(req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if resp.StatusCode >= 400 {
+		err = errors.New(fmt.Sprintf("%s %s failed, get code: %d, %s", req.Method, req.URL, resp.StatusCode, string(body)))
+		return
+	}
+
+	// Unmarshal response body to result struct
+	if res != nil {
+		err = json.Unmarshal(body, res)
+		if err != nil {
+			msg := fmt.Sprintf("Failed %s %s, unmarshal `%s` response failed", req.Method, req.URL, string(body)[:50])
+			return errors.New(msg)
+		}
+	}
+	return nil
+}
+
+func (c *Client) Get(url string, res interface{}, params ...map[string]string) (err error) {
+	if len(params) == 1 {
+		paramSlice := make([]string, 1)
+		for k, v := range params[0] {
+			paramSlice = append(paramSlice, fmt.Sprintf("%s=%s", k, v))
+		}
+		param := strings.Join(paramSlice, "&")
+		if strings.Contains(url, "?") {
+			url += "&" + param
+		} else {
+			url += "?" + param
+		}
+	}
+	req, err := c.NewRequest("GET", url, nil)
+	if err != nil {
+		return
+	}
+	err = c.Do(req, res)
+	return err
+}
+
+func (c *Client) Post(url string, data interface{}, res interface{}) (err error) {
+	req, err := c.NewRequest("POST", url, data)
+	if err != nil {
+		return
+	}
+	err = c.Do(req, res)
+	return err
+}
+
+func (c *Client) Delete(url string, res interface{}) (err error) {
+	req, err := c.NewRequest("DELETE", url, nil)
+	err = c.Do(req, res)
+	return err
+}
+
+func (c *Client) Put(url string, data interface{}, res interface{}) (err error) {
+	req, err := c.NewRequest("PUT", url, data)
+	if err != nil {
+		return
+	}
+	err = c.Do(req, res)
+	return err
+}
+
+func (c *Client) Patch(url string, data interface{}, res interface{}) (err error) {
+	req, err := c.NewRequest("PATCH", url, data)
+	if err != nil {
+		return
+	}
+	err = c.Do(req, res)
+	return err
+}
+
+func (c *Client) PostForm(url string, data interface{}, res interface{}) (err error) {
+	values := neturl.Values{}
+	if data != nil {
+		rcvr := reflect.ValueOf(data)
+		tp := reflect.Indirect(rcvr).Type()
+		val := reflect.Indirect(rcvr)
+
+		for i := 0; i < tp.NumField(); i++ {
+			tag := tp.Field(i).Tag.Get("json")
+			var v string
+			switch tp.Field(i).Type.Name() {
+			case "string":
+				v = val.Field(i).String()
+			default:
+				attr, err := json.Marshal(val.Field(i).Interface())
+				if err != nil {
+					return err
+				}
+				v = string(attr)
+			}
+			values.Set(tag, v)
+		}
+	}
+
+	reader := strings.NewReader(values.Encode())
+	req, err := http.NewRequest("POST", url, reader)
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	err = c.Do(req, res)
+	return err
+}
--- a/pkg/common/client_test.go
+++ b/pkg/common/client_test.go
+package common
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/jarcoal/httpmock"
+)
+
+const (
+	username = "admin"
+	password = "admin"
+	usersUrl = "http://localhost/api/v1/users"
+)
+
+type User struct {
+	ID   int    `json:"id"`
+	Name string `json:"name"`
+	Age  int    `json:"age"`
+}
+
+var users = []User{{ID: 1, Name: "Guanghongwei", Age: 18}, {ID: 2, Name: "ibuler", Age: 19}}
+var user = User{ID: 2, Name: "Jumpserver", Age: 5}
+var userDeleteUrl = fmt.Sprintf("%s/%d", usersUrl, user.ID)
+
+func TestClient_Do(t *testing.T) {
+	c := NewClient()
+	req, err := http.NewRequest("GET", usersUrl, nil)
+	if err != nil {
+		t.Error("Failed NewRequest() ...")
+	}
+
+	err = c.Do(req, nil)
+	if err == nil {
+		t.Error("Failed Do(), want get err but not")
+	}
+	c.SetBasicAuth(username, password)
+	var res []User
+	err = c.Do(req, &res)
+	if err != nil {
+		t.Errorf("Failed Do(), %s", err.Error())
+	}
+	if len(res) != 2 {
+		t.Errorf("User not equal 2")
+	}
+}
+
+func TestClient_Get(t *testing.T) {
+	c := NewClient()
+	err := c.Get(usersUrl, nil)
+	if err == nil {
+		t.Errorf("Failed Get(%s): want get err but not", usersUrl)
+	}
+	c.SetBasicAuth(username, password)
+	err = c.Get(usersUrl, nil)
+	if err != nil {
+		t.Errorf("Failed Get(%s): %s", usersUrl, err.Error())
+	}
+}
+
+func TestClient_Post(t *testing.T) {
+	c := NewClient()
+	var userCreated User
+	err := c.Post(usersUrl, user, &userCreated)
+	if err != nil {
+		t.Errorf("Failed Post(): %s", err.Error())
+	}
+	if userCreated.ID != user.ID {
+		t.Errorf("Failed Post(), id not euqal: %d != %d", userCreated.ID, user.ID)
+	}
+}
+
+func TestClient_Put(t *testing.T) {
+	c := NewClient()
+	var userUpdated User
+	err := c.Put(usersUrl, user, &userUpdated)
+	if err != nil {
+		t.Errorf("Failed Put(): %s", err.Error())
+	}
+	if userUpdated.ID != user.ID {
+		t.Errorf("Failed Post(), id not euqal: %d != %d", userUpdated.ID, user.ID)
+	}
+}
+
+func TestClient_Delete(t *testing.T) {
+	c := NewClient()
+	c.SetBasicAuth(username, password)
+	err := c.Delete(userDeleteUrl, nil)
+	if err != nil {
+		t.Errorf("Failed Delete(): %s", err.Error())
+	}
+}
+
+func PrepareMockData() {
+	httpmock.RegisterResponder("GET", usersUrl,
+		func(req *http.Request) (*http.Response, error) {
+			u, p, ok := req.BasicAuth()
+			if !ok || u != username || p != password {
+				return httpmock.NewStringResponse(401, ""), nil
+			}
+			resp, err := httpmock.NewJsonResponse(200, users)
+			if err != nil {
+				return httpmock.NewStringResponse(500, ""), nil
+			}
+			return resp, nil
+		},
+	)
+
+	resp, err := httpmock.NewJsonResponder(201, user)
+	if err != nil {
+		fmt.Println("Create post reps failed")
+	}
+	httpmock.RegisterResponder("POST", usersUrl, resp)
+	httpmock.RegisterResponder("PUT", usersUrl, resp)
+	httpmock.RegisterResponder("DELETE", userDeleteUrl, httpmock.NewStringResponder(204, ""))
+}
+
+func TestMain(m *testing.M) {
+	httpmock.Activate()
+	PrepareMockData()
+	defer httpmock.DeactivateAndReset()
+	code := m.Run()
+	os.Exit(code)
+}
--- a/pkg/auth/httputil.go
+++ b/pkg/auth/httputil.go
-package auth
+package common

 import (
 	"crypto/md5"
 	"encoding/base64"
 	"fmt"
+	log "github.com/sirupsen/logrus"
 	"os"
 	"path/filepath"
 	"strings"

--- a/pkg/config/config.go
+++ b/pkg/config/config.go
 package config

 import (
+	"encoding/json"
 	"fmt"
-	log "github.com/sirupsen/logrus"
 	"io/ioutil"
 	"os"
+	"strings"
 	"sync"
+	"time"

+	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
 )

 type Config struct {
-	Name              string `yaml:"NAME"`
-	CoreHost          string `yaml:"CORE_HOST"`
-	BootstrapToken    string `yaml:"BOOTSTRAP_TOKEN"`
-	BindHost          string `yaml:"BIND_HOST"`
-	SshPort           int    `yaml:"SSHD_PORT"`
-	HTTPPort          int    `yaml:"HTTPD_PORT"`
-	CustomerAccessKey string `yaml:"ACCESS_KEY"`
-	AccessKeyFile     string `yaml:"ACCESS_KEY_FILE"`
-	LogLevel          string `yaml:"LOG_LEVEL"`
-	HeartBeat         int    `yaml:"HEARTBEAT_INTERVAL"`
-	RootPath          string
-	Comment           string
-	TermConfig        *TerminalConfig
+	AssetListPageSize   string            `json:"TERMINAL_ASSET_LIST_PAGE_SIZE"`
+	AssetListSortBy     string            `json:"TERMINAL_ASSET_LIST_SORT_BY"`
+	HeaderTitle         string            `json:"TERMINAL_HEADER_TITLE"`
+	HostKey             string            `json:"TERMINAL_HOST_KEY" yaml:"HOST_KEY"`
+	PasswordAuth        bool              `json:"TERMINAL_PASSWORD_AUTH" yaml:"PASSWORD_AUTH"`
+	PublicKeyAuth       bool              `json:"TERMINAL_PUBLIC_KEY_AUTH" yaml:"PUBLIC_KEY_AUTH"`
+	CommandStorage      map[string]string `json:"TERMINAL_COMMAND_STORAGE"`
+	ReplayStorage       map[string]string `json:"TERMINAL_REPLAY_STORAGE" yaml:"REPLAY_STORAGE"`
+	SessionKeepDuration int               `json:"TERMINAL_SESSION_KEEP_DURATION"`
+	TelnetRegex         string            `json:"TERMINAL_TELNET_REGEX"`
+	MaxIdleTime         time.Duration     `json:"SECURITY_MAX_IDLE_TIME"`
+	Name                string            `yaml:"NAME"`
+	CoreHost            string            `yaml:"CORE_HOST"`
+	BootstrapToken      string            `yaml:"BOOTSTRAP_TOKEN"`
+	BindHost            string            `yaml:"BIND_HOST"`
+	SSHPort             int               `yaml:"SSHD_PORT"`
+	HTTPPort            int               `yaml:"HTTPD_PORT"`
+	AccessKey           string            `yaml:"ACCESS_KEY"`
+	AccessKeyFile       string            `yaml:"ACCESS_KEY_FILE"`
+	LogLevel            string            `yaml:"LOG_LEVEL"`
+	HeartbeatDuration   time.Duration     `yaml:"HEARTBEAT_INTERVAL"`
+	RootPath            string
+	Comment             string
+
+	mux sync.RWMutex
 }

+func (c *Config) EnsureConfigValid() {
+}

-var mux = new(sync.RWMutex)
-var name, _ = os.Hostname()
-var rootPath, _ = os.Getwd()
-var conf = &Config{
-	Name:              name,
-	CoreHost:          "http://localhost:8080",
-	BootstrapToken:    "",
-	BindHost:          "0.0.0.0",
-	SshPort:           2222,
-	HTTPPort:          5000,
-	CustomerAccessKey: "",
-	AccessKeyFile:     "data/keys/.access_key",
-	LogLevel:          "DEBUG",
-	RootPath:          rootPath,
-	Comment:           "Coco",
-	TermConfig:        &TerminalConfig{},
+func (c *Config) LoadFromYAML(body []byte) error {
+	c.mux.Lock()
+	defer c.mux.Unlock()
+	err := yaml.Unmarshal(body, c)
+	if err != nil {
+		log.Errorf("Load yaml error: %v", err)
+	}
+	return err
 }

-func LoadFromYaml(filepath string) *Config {
+func (c *Config) LoadFromYAMLPath(filepath string) error {
 	body, err := ioutil.ReadFile(filepath)
 	if err != nil {
 		log.Errorf("Not found file: %s", filepath)
 		os.Exit(1)
 	}
-	e := yaml.Unmarshal(body, conf)
-	if e != nil {
+	return c.LoadFromYAML(body)
+}
+
+func (c *Config) LoadFromJSON(body []byte) error {
+	c.mux.Lock()
+	defer c.mux.Unlock()
+	err := json.Unmarshal(body, c)
+	if err != nil {
 		fmt.Println("Load yaml err")
 		os.Exit(1)
 	}
-	return conf
-
+	return nil
 }

-func GetGlobalConfig() *Config {
-	mux.RLock()
-	defer mux.RUnlock()
-	return conf
+func (c *Config) LoadFromEnv() error {
+	envMap := map[string]string{}
+	env := os.Environ()
+	for _, v := range env {
+		vSlice := strings.Split(v, "=")
+		envMap[vSlice[0]] = envMap[vSlice[1]]
+	}
+	envYAML, err := yaml.Marshal(envMap)
+	if err != nil {
+		log.Errorf("Error occur: %v", err)
+	}
+	return c.LoadFromYAML(envYAML)
 }

-func SetGlobalConfig(c Config) {
-	mux.Lock()
-	conf = &c
-	mux.Unlock()
+func (c *Config) Load(filepath string) error {
+	err := c.LoadFromYAMLPath(filepath)
+	if err != nil {
+		return err
+	}
+	err = c.LoadFromEnv()
+	return err
 }

-
-
-type TerminalConfig struct {
-	AssetListPageSize   string            `json:"TERMINAL_ASSET_LIST_PAGE_SIZE"`
-	AssetListSortBy     string            `json:"TERMINAL_ASSET_LIST_SORT_BY"`
-	CommandStorage      map[string]string `json:"TERMINAL_COMMAND_STORAGE"`
-	HeaderTitle         string            `json:"TERMINAL_HEADER_TITLE"`
-	HeartBeatInterval   int               `json:"TERMINAL_HEARTBEAT_INTERVAL"`
-	HostKey             string            `json:"TERMINAL_HOST_KEY"`
-	PasswordAuth        bool              `json:"TERMINAL_PASSWORD_AUTH"`
-	PublicKeyAuth       bool              `json:"TERMINAL_PUBLIC_KEY_AUTH"`
-	RePlayStorage       map[string]string `json:"TERMINAL_REPLAY_STORAGE"`
-	SessionKeepDuration int               `json:"TERMINAL_SESSION_KEEP_DURATION"`
-	TelnetRegex         string            `json:"TERMINAL_TELNET_REGEX"`
-	SecurityMaxIdleTime int               `json:"SECURITY_MAX_IDLE_TIME"`
+var name, _ = os.Hostname()
+var rootPath, _ = os.Getwd()
+var Conf = &Config{
+	Name:           name,
+	CoreHost:       "http://localhost:8080",
+	BootstrapToken: "",
+	BindHost:       "0.0.0.0",
+	SSHPort:        2222,
+	HTTPPort:       5000,
+	AccessKey:      "",
+	AccessKeyFile:  "access_key",
+	LogLevel:       "DEBUG",
+	RootPath:       rootPath,
+	Comment:        "Coco",
+	ReplayStorage:  map[string]string{},
+	CommandStorage: map[string]string{},
 }
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
+package config
+
+import (
+	"encoding/json"
+	"fmt"
+	"testing"
+)
+
+func TestConfig_LoadFromYAMLPath(t *testing.T) {
+	err := Conf.LoadFromYAMLPath("./test_config.yml")
+	if err != nil {
+		t.Errorf("Load from yaml faild: %v", err)
+	}
+	data, _ := json.MarshalIndent(Conf, "", "    ")
+	fmt.Println(string(data))
+}
--- a/pkg/config/init.go
+++ b/pkg/config/init.go
@@ -2,5 +2,6 @@ package config

 func Initial() {
 	configFile := "config.yml"
-	conf = LoadFromYaml(configFile)
+	_ = Conf.Load(configFile)
+	Conf.EnsureConfigValid()
 }
--- a/pkg/config/test_config.yml
+++ b/pkg/config/test_config.yml
+NAME: Test
+CORE_HOST: http://127.0.0.1
+PUBLIC_KEY_AUTH: false
+PASSWORD_AUTH: true
+BIND_HOST: 0.0.0.0
+HEARTBEAT_INTERVAL: 10
\ No newline at end of file
--- a/pkg/logger/logger.go
+++ b/pkg/logger/logger.go
+package logger
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+)
+
+var logger = logrus.New()
+
+func init() {
+	customFormatter := new(logrus.TextFormatter)
+	customFormatter.TimestampFormat = "2006-01-02 15:04:05"
+	logger.SetFormatter(&logrus.TextFormatter{})
+
+	// Output to stdout instead of the default stderr
+	// Can be any io.Writer, see below for File example
+	logger.SetOutput(os.Stdout)
+
+	// Only logger the warning severity or above.
+	logger.SetLevel(logrus.DebugLevel)
+}
+
+func Debug(args ...interface{}) {
+	logger.Debug(args...)
+}
+
+func Info(args ...interface{}) {
+	logger.Info(args...)
+}
+
+func Warn(args ...interface{}) {
+	logger.Warn(args...)
+}
+
+func Error(args ...interface{}) {
+	logger.Error(args...)
+}
+
+func Panic(args ...interface{}) {
+	logrus.Panic(args...)
+}
--- a/pkg/model/asset.go
+++ b/pkg/model/asset.go
 package model

-/*
-{
-	"id": "135ce78d-c4fe-44ca-9be3-c86581cb4365",
-	"hostname": "coco2",
-	"ip": "127.0.0.1",
-	"port": 32769,
-	"system_users_granted": [{
-		"id": "fbd39f8c-fa3e-4c2b-948e-ce1e0380b4f9",
-		"name": "docker_root",
-		"username": "root",
-		"priority": 19,
-		"protocol": "ssh",
-		"comment": "screencast",
-		"login_mode": "auto"
-	}],
-	"is_active": true,
-	"system_users_join": "root",
-	"os": null,
-	"domain": null,
-	"platform": "Linux",
-	"comment": "",
-	"protocol": "ssh",
-	"org_id": "",
-	"org_name": "DEFAULT"
-}
-*/
-
 type Asset struct {
 	Id              string       `json:"id"`
 	Hostname        string       `json:"hostname"`

--- a/pkg/service/accesskey.go
+++ b/pkg/service/accesskey.go
+package service
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"cocogo/pkg/common"
+)
+
+type AccessKey struct {
+	Id     string
+	Secret string
+}
+
+func (ak *AccessKey) Signature(date string) string {
+	signature := common.MakeSignature(ak.Secret, date)
+	return fmt.Sprintf("Sign %s:%s", ak.Id, signature)
+}
+
+// LoadAccessKey 加载AccessKey用来与 Core Api 交互
+func (s *Service) LoadAccessKey() {
+	/*
+	   1. 查看配置文件是否包含accessKey，解析不正确则退出程序
+	   2. 检查是否已经注册过accessKey，
+	   		1）已经注册过则进行解析，解析不正确则退出程序
+	   		2）未注册则新注册
+	*/
+	if s.Conf.AccessKey != "" {
+		fmt.Println(s.Conf.AccessKey)
+		keyAndSecret := strings.Split(s.Conf.AccessKey, ":")
+		if len(keyAndSecret) == 2 {
+			s.auth = accessAuth{
+				accessKey:    keyAndSecret[0],
+				accessSecret: keyAndSecret[1],
+			}
+		} else {
+			fmt.Println("ACCESS_KEY format err")
+			os.Exit(1)
+		}
+		return
+	}
+	var configPath string
+
+	if !path.IsAbs(s.Conf.AccessKeyFile) {
+		configPath = filepath.Join(s.Conf.RootPath, s.Conf.AccessKeyFile)
+	} else {
+		configPath = s.Conf.AccessKeyFile
+	}
+	_, err := os.Stat(configPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			fmt.Println("Do not have access key, register it!")
+			err := s.registerTerminalAndSave()
+			if err != nil {
+				log.Info("register Failed:", err)
+				os.Exit(1)
+			}
+			return
+		} else {
+			fmt.Println("sys err:", err)
+			os.Exit(1)
+		}
+
+	}
+
+	buf, err := ioutil.ReadFile(configPath)
+	if err != nil {
+		fmt.Println("read Access key Failed:", err)
+		os.Exit(1)
+	}
+	keyAndSecret := strings.Split(string(buf), ":")
+	if len(keyAndSecret) == 2 {
+		s.auth = accessAuth{
+			accessKey:    keyAndSecret[0],
+			accessSecret: keyAndSecret[1],
+		}
+	} else {
+		fmt.Println("ACCESS_KEY format err")
+		os.Exit(1)
+	}
+
+}
--- a/pkg/service/assets.go
+++ b/pkg/service/assets.go
+package service
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"cocogo/pkg/model"
+)
+
+func (s *Service) GetSystemUserAssetAuthInfo(systemUserID, assetID string) (authInfo model.SystemUserAuthInfo, err error) {
+
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost,
+		fmt.Sprintf(SystemUserAssetAuthUrl, systemUserID, assetID),
+	)
+	buf, err := s.SendHTTPRequest("GET", url, nil)
+	if err != nil {
+		log.Info("get User Assets Groups err:", err)
+		return authInfo, err
+	}
+	err = json.Unmarshal(buf, &authInfo)
+	if err != nil {
+		log.Info(err)
+		return authInfo, err
+	}
+	return authInfo, err
+
+}
+
+func (s *Service) GetSystemUserAuthInfo(systemUserID string) {
+
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost,
+		fmt.Sprintf(SystemUserAuthUrl, systemUserID))
+	buf, err := s.SendHTTPRequest("GET", url, nil)
+	if err != nil {
+		log.Info("get User Assets Groups err:", err)
+		return
+	}
+	//err = json.Unmarshal(buf, &authInfo)
+	fmt.Printf("%s", buf)
+	if err != nil {
+		log.Info(err)
+		return
+	}
+	return
+
+}
--- a/pkg/service/client.go
+++ b/pkg/service/client.go
-package service
--- a/pkg/service/auth.go
+++ b/pkg/service/auth.go
--- a/pkg/service/perm.go
+++ b/pkg/service/perm.go
-package service
--- a/pkg/service/perms.go
+++ b/pkg/service/perms.go
+package service
+
+import (
+	"cocogo/pkg/model"
+	"encoding/json"
+	"fmt"
+)
+
+func (s *Service) GetUserAssets(uid string) (resp []model.Asset, err error) {
+
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserAssetsUrl, uid))
+
+	buf, err := s.SendHTTPRequest("GET", url, nil)
+	if err != nil {
+		log.Info("get User Assets err:", err)
+		return resp, err
+	}
+	err = json.Unmarshal(buf, &resp)
+	if err != nil {
+		log.Info(err)
+		return resp, err
+	}
+	return resp, nil
+
+}
+
+func (s *Service) GetUserAssetNodes(uid string) ([]model.AssetNode, error) {
+
+	var resp []model.AssetNode
+
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(UserNodesAssetsUrl, uid))
+
+	buf, err := s.SendHTTPRequest("GET", url, nil)
+	if err != nil {
+		log.Info("get User Assets Groups err:", err)
+		return resp, err
+	}
+	err = json.Unmarshal(buf, &resp)
+	if err != nil {
+		log.Info(err)
+		return resp, err
+	}
+	return resp, err
+}
+
+func (s *Service) ValidateUserAssetPermission(userID, systemUserID, AssetID string) bool {
+	// cache_policy  0:不使用缓存 1:使用缓存 2: 刷新缓存
+
+	baseUrl, _ := neturl.Parse(fmt.Sprintf("%s%s", s.Conf.CoreHost, ValidateUserAssetPermission))
+	params := neturl.Values{}
+	params.Add("user_id", userID)
+	params.Add("asset_id", AssetID)
+	params.Add("system_user_id", systemUserID)
+	params.Add("cache_policy", "1")
+
+	baseUrl.RawQuery = params.Encode()
+	buf, err := s.SendHTTPRequest("GET", baseUrl.String(), nil)
+	if err != nil {
+		log.Error("Check User Asset Permission err:", err)
+		return false
+	}
+	var res struct {
+		Msg bool `json:"msg"'`
+	}
+	if err = json.Unmarshal(buf, &res); err != nil {
+		return false
+	}
+	return res.Msg
+}
--- a/pkg/auth/authservice.go
+++ b/pkg/auth/authservice.go
--- a/pkg/service/terminal.go
+++ b/pkg/service/terminal.go
+package service
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"os"
+)
+
+func (s *Service) PushSessionReplay(gZipFile, sessionID string) error {
+	fp, err := os.Open(gZipFile)
+	if err != nil {
+		return err
+	}
+	defer fp.Close()
+	fi, err := fp.Stat()
+	if err != nil {
+		return err
+	}
+
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+	part, err := writer.CreateFormFile("file", fi.Name())
+	if err != nil {
+		return err
+	}
+	_, _ = io.Copy(part, fp)
+	err = writer.Close() // close writer before POST request
+	if err != nil {
+		return err
+	}
+
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(SessionReplay, sessionID))
+	req, err := http.NewRequest("POST", url, body)
+	currentDate := HTTPGMTDate()
+	req.Header.Add("Content-Type", writer.FormDataContentType())
+	req.Header.Set("Date", currentDate)
+	req.Header.Set("Authorization", s.auth.Signature(currentDate))
+	resp, err := s.http.Do(req)
+	defer resp.Body.Close()
+	if err != nil {
+		log.Info("Send HTTP Request failed:", err)
+		return err
+	}
+
+	log.Info("PushSessionReplay:", err)
+	return err
+}
+
+func (s *Service) CreateSession(data []byte) bool {
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, SessionList)
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(data))
+	req.Header.Set("Content-Type", "application/json")
+	currentDate := HTTPGMTDate()
+	req.Header.Set("Date", currentDate)
+	req.Header.Set("Authorization", s.auth.Signature(currentDate))
+	resp, err := s.http.Do(req)
+	defer resp.Body.Close()
+	if err != nil {
+		log.Error("create Session err: ", err)
+		return false
+	}
+	if resp.StatusCode == 201 {
+		log.Info("create Session 201")
+		return true
+	}
+	return false
+
+}
+
+func (s *Service) FinishSession(id string, jsonData []byte) bool {
+
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(SessionDetail, id))
+	res, err := s.SendHTTPRequest("PATCH", url, jsonData)
+	fmt.Printf("%s", res)
+	if err != nil {
+		log.Error(err)
+		return false
+	}
+	return true
+}
+
+func (s *Service) FinishReply(id string) bool {
+	data := map[string]bool{"has_replay": true}
+	jsonData, _ := json.Marshal(data)
+	url := fmt.Sprintf("%s%s", s.Conf.CoreHost, fmt.Sprintf(SessionDetail, id))
+	_, err := s.SendHTTPRequest("PATCH", url, jsonData)
+	if err != nil {
+		log.Error(err)
+		return false
+	}
+	return true
+}
--- a/pkg/service/urls.go
+++ b/pkg/service/urls.go
+package service
+
+var urls = map[string]string{
+	"UserAuthUrl":    "/api/users/v1/auth/",    // post 验证用户登陆
+	"UserProfileUrl": "/api/users/v1/profile/", // 获取当前用户的基本信息
+
+	"SystemUserAssetAuthUrl": "/api/assets/v1/system-user/%s/asset/%s/auth-info/", // 该系统用户对某资产的授权
+	"SystemUserAuthUrl":      "/api/assets/v1/system-user/%s/auth-info/",          // 该系统用户的授权
+
+	"TerminalRegisterUrl": "/api/terminal/v2/terminal-registrations/", // 注册当前coco
+	"TerminalConfigUrl":   "/api/terminal/v1/terminal/config/",        // 从jumpserver获取coco的配置
+	"SessionList":         "/api/terminal/v1/sessions/",               //上传创建的资产会话session id
+	"SessionDetail":       "/api/terminal/v1/sessions/%s/",            // finish session的时候发送
+	"SessionReplay":       "/api/terminal/v1/sessions/%s/replay/",     //上传录像
+
+	"UserAssetsUrl":               "/api/perms/v1/user/%s/assets/",                 //获取用户授权的所有资产
+	"UserNodesAssetsUrl":          "/api/perms/v1/user/%s/nodes-assets/",           // 获取用户授权的所有节点信息 节点分组
+	"ValidateUserAssetPermission": "/api/perms/v1/asset-permission/user/validate/", //0不使用缓存 1 使用缓存 2 刷新缓存
+}
--- a/pkg/sshd/server.go
+++ b/pkg/sshd/server.go
@@ -44,7 +44,7 @@ func Initial() {

 func StartServer() {
 	srv := ssh.Server{
-		Addr:             conf.BindHost + ":" + strconv.Itoa(conf.SshPort),
+		Addr:             conf.BindHost + ":" + strconv.Itoa(conf.SSHPort),
 		PasswordHandler:  appService.CheckSSHPassword,
 		PublicKeyHandler: appService.CheckSSHPublicKey,
 		HostSigners:      []ssh.Signer{serverSig},