packages/libs/lib-server/src/user/access/service/access-service.ts

import {Inject, Provide, Scope, ScopeEnum} from '@midwayjs/core';
import {InjectEntityModel} from '@midwayjs/typeorm';
import { In, Repository } from "typeorm";
import {AccessGetter, BaseService, PageReq, PermissionException, ValidateException} from '../../../index.js';
import {AccessEntity} from '../entity/access.js';
import {AccessDefine, accessRegistry, newAccess} from '@certd/pipeline';
import {EncryptService} from './encrypt-service.js';

/**
 * 授权
 */
@Provide()
@Scope(ScopeEnum.Request, {allowDowngrade: true})
export class AccessService extends BaseService<AccessEntity> {
  @InjectEntityModel(AccessEntity)
  repository: Repository<AccessEntity>;

  @Inject()
  encryptService: EncryptService;

  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
  //@ts-ignore
  getRepository() {
    return this.repository;
  }

  async page(pageReq: PageReq<AccessEntity>) {
    const res = await super.page(pageReq);
    res.records = res.records.map(item => {
      delete item.encryptSetting;
      return item;
    });
    return res;
  }

  async add(param) {
    let oldEntity = null;
    if (param._copyFrom){
      oldEntity = await this.info(param._copyFrom);
      if (oldEntity == null) {
        throw new ValidateException('该授权配置不存在,请确认是否已被删除');
      }
      if (oldEntity.userId  !== param.userId) {
        throw new ValidateException('您无权查看该授权配置');
      }
    }
    delete param._copyFrom
    this.encryptSetting(param, oldEntity);
    return await super.add(param);
  }

  encryptSetting(param: any, oldSettingEntity?: AccessEntity) {
    const accessType = param.type;
    const accessDefine: AccessDefine = accessRegistry.getDefine(accessType);
    if (!accessDefine) {
      throw new ValidateException(`授权类型${accessType}不存在`);
    }
    const setting = param.setting;
    if (!setting) {
      return;
    }
    const json = JSON.parse(setting);
    let oldSetting = {};
    let encryptSetting = {};
    const firstEncrypt = !oldSettingEntity || !oldSettingEntity.encryptSetting || oldSettingEntity.encryptSetting === '{}';
    if (oldSettingEntity) {
      oldSetting = JSON.parse(oldSettingEntity.setting || '{}');
      encryptSetting = JSON.parse(oldSettingEntity.encryptSetting || '{}');
    }
    for (const key in json) {
      //加密
      let value = json[key];
      if (value && typeof value === 'string') {
        //去除前后空格
        value = value.trim();
        json[key] = value;
      }
      const accessInputDefine = accessDefine.input[key];
      if (!accessInputDefine) {
        continue;
      }
      if (!accessInputDefine.encrypt || !value || typeof value !== 'string') {
        //定义无需加密、value为空、不是字符串 这些不需要加密
        encryptSetting[key] = {
          value: value,
          encrypt: false,
        };
        continue;
      }

      if (firstEncrypt || oldSetting[key] !== value) {
        //星号保护
        const length = value.length;
        const subIndex = Math.min(2, length);
        let starLength = length - subIndex * 2;
        starLength = Math.max(2, starLength);
        const starString = '*'.repeat(starLength);
        json[key] = value.substring(0, subIndex) + starString + value.substring(value.length - subIndex);
        encryptSetting[key] = {
          value: this.encryptService.encrypt(value),
          encrypt: true,
        };
      }
      //未改变情况下，不做修改
    }
    param.encryptSetting = JSON.stringify(encryptSetting);
    param.setting = JSON.stringify(json);
  }

  /**
   * 修改
   * @param param 数据
   */
  async update(param) {
    const oldEntity = await this.info(param.id);
    if (oldEntity == null) {
      throw new ValidateException('该授权配置不存在,请确认是否已被删除');
    }
    this.encryptSetting(param, oldEntity);
    return await super.update(param);
  }

  async getSimpleInfo(id: number) {
    const entity = await this.info(id);
    if (entity == null) {
      throw new ValidateException('该授权配置不存在,请确认是否已被删除');
    }
    return {
      id: entity.id,
      name: entity.name,
      userId: entity.userId,
      projectId: entity.projectId,
    };
  }

  async getAccessById(id: any, checkUserId: boolean, userId?: number, projectId?: number): Promise<any> {
    const entity = await this.info(id);
    if (entity == null) {
      throw new Error(`该授权配置不存在,请确认是否已被删除:id=${id}`);
    }
    if (checkUserId) {
      if (userId == null) {
        throw new ValidateException('userId不能为空');
      }
      if (userId !== entity.userId) {
        throw new PermissionException('您对该Access授权无访问权限');
      }
    }
    if (projectId != null && projectId !== entity.projectId) {
      throw new PermissionException('您对该Access授权无访问权限');
    }

    // const access = accessRegistry.get(entity.type);
    const setting = this.decryptAccessEntity(entity);
    const input = {
      id: entity.id,
      ...setting,
    };
    const accessGetter = new AccessGetter(userId,projectId, this.getById.bind(this));
    return await newAccess(entity.type, input,accessGetter);
  }

  async getById(id: any, userId: number, projectId?: number): Promise<any> {
    return await this.getAccessById(id, true, userId, projectId);
  }

  decryptAccessEntity(entity: AccessEntity): any {
    let setting = {};
    if (entity.encryptSetting && entity.encryptSetting !== '{}') {
      setting = JSON.parse(entity.encryptSetting);
      for (const key in setting) {
        //解密
        const encryptValue = setting[key];
        let value = encryptValue.value;
        if (encryptValue.encrypt) {
          value = this.encryptService.decrypt(value);
        }
        setting[key] = value;
      }
    } else if (entity.setting) {
      setting = JSON.parse(entity.setting);
    }
    return setting;
  }

  getDefineList() {
    return accessRegistry.getDefineList();
  }

  getDefineByType(type: string) {
    return accessRegistry.getDefine(type);
  }


  async getSimpleByIds(ids: number[], userId: any, projectId?: number) {
    if (ids.length === 0) {
      return [];
    }
    if (userId==null) {
      return [];
    }
    return await this.repository.find({
      where: {
        id: In(ids),
        userId,
        projectId,
      },
      select: {
        id: true,
        name: true,
        type: true,
        userId:true,
        projectId:true,
      },
    });

  }
}
perf: 支持s3 access做测试 2025-06-13 12:18:26 +08:00			`import {Inject, Provide, Scope, ScopeEnum} from '@midwayjs/core';`
			`import {InjectEntityModel} from '@midwayjs/typeorm';`
chore: auto 2025-07-12 23:00:04 +08:00			`import { In, Repository } from "typeorm";`
perf: 支持s3 access做测试 2025-06-13 12:18:26 +08:00			`import {AccessGetter, BaseService, PageReq, PermissionException, ValidateException} from '../../../index.js';`
			`import {AccessEntity} from '../entity/access.js';`
			`import {AccessDefine, accessRegistry, newAccess} from '@certd/pipeline';`
			`import {EncryptService} from './encrypt-service.js';`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00
			`/**`
			`* 授权`
			`*/`
			`@Provide()`
perf: 支持s3 access做测试 2025-06-13 12:18:26 +08:00			`@Scope(ScopeEnum.Request, {allowDowngrade: true})`
feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析 2024-10-07 03:21:16 +08:00			`export class AccessService extends BaseService<AccessEntity> {`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`@InjectEntityModel(AccessEntity)`
			`repository: Repository<AccessEntity>;`

perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`@Inject()`
			`encryptService: EncryptService;`

feat: 用户套餐，用户支付功能 2024-12-22 14:00:46 +08:00			`// eslint-disable-next-line @typescript-eslint/ban-ts-comment`
perf: 检查cname是否正确配置 2024-10-09 02:34:28 +08:00			`//@ts-ignore`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`getRepository() {`
			`return this.repository;`
			`}`

perf: [comm] 支持插件管理 2024-10-14 00:19:55 +08:00			`async page(pageReq: PageReq<AccessEntity>) {`
			`const res = await super.page(pageReq);`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`res.records = res.records.map(item => {`
			`delete item.encryptSetting;`
			`return item;`
			`});`
			`return res;`
			`}`

			`async add(param) {`
fix: 修复授权配置复制功能，无法复制已加密字段的问题 2025-08-09 18:11:20 +08:00			`let oldEntity = null;`
			`if (param._copyFrom){`
			`oldEntity = await this.info(param._copyFrom);`
			`if (oldEntity == null) {`
			`throw new ValidateException('该授权配置不存在,请确认是否已被删除');`
			`}`
			`if (oldEntity.userId !== param.userId) {`
			`throw new ValidateException('您无权查看该授权配置');`
			`}`
			`}`
			`delete param._copyFrom`
			`this.encryptSetting(param, oldEntity);`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`return await super.add(param);`
			`}`

			`encryptSetting(param: any, oldSettingEntity?: AccessEntity) {`
			`const accessType = param.type;`
			`const accessDefine: AccessDefine = accessRegistry.getDefine(accessType);`
			`if (!accessDefine) {`
			throw new ValidateException(`授权类型${accessType}不存在`);
			`}`
			`const setting = param.setting;`
			`if (!setting) {`
			`return;`
			`}`
			`const json = JSON.parse(setting);`
			`let oldSetting = {};`
			`let encryptSetting = {};`
perf: 部署插件支持宝塔、易盾云等 2024-08-30 18:50:53 +08:00			`const firstEncrypt = !oldSettingEntity \|\| !oldSettingEntity.encryptSetting \|\| oldSettingEntity.encryptSetting === '{}';`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`if (oldSettingEntity) {`
			`oldSetting = JSON.parse(oldSettingEntity.setting \|\| '{}');`
			`encryptSetting = JSON.parse(oldSettingEntity.encryptSetting \|\| '{}');`
			`}`
			`for (const key in json) {`
			`//加密`
perf: 授权配置去除前后空格 2024-10-18 12:06:27 +08:00			`let value = json[key];`
			`if (value && typeof value === 'string') {`
			`//去除前后空格`
			`value = value.trim();`
			`json[key] = value;`
			`}`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`const accessInputDefine = accessDefine.input[key];`
			`if (!accessInputDefine) {`
perf: 上传到主机，支持socks代理 2024-09-29 11:50:59 +08:00			`continue;`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`}`
			`if (!accessInputDefine.encrypt \|\| !value \|\| typeof value !== 'string') {`
			`//定义无需加密、value为空、不是字符串这些不需要加密`
			`encryptSetting[key] = {`
			`value: value,`
			`encrypt: false,`
			`};`
			`continue;`
			`}`

			`if (firstEncrypt \|\| oldSetting[key] !== value) {`
			`//星号保护`
			`const length = value.length;`
			`const subIndex = Math.min(2, length);`
perf: 支持ftp上传 2024-09-01 04:49:26 +08:00			`let starLength = length - subIndex * 2;`
			`starLength = Math.max(2, starLength);`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`const starString = '*'.repeat(starLength);`
			`json[key] = value.substring(0, subIndex) + starString + value.substring(value.length - subIndex);`
			`encryptSetting[key] = {`
			`value: this.encryptService.encrypt(value),`
			`encrypt: true,`
			`};`
			`}`
			`//未改变情况下，不做修改`
			`}`
			`param.encryptSetting = JSON.stringify(encryptSetting);`
			`param.setting = JSON.stringify(json);`
			`}`
perf: 支持s3 access做测试 2025-06-13 12:18:26 +08:00
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`/**`
			`* 修改`
			`* @param param 数据`
			`*/`
			`async update(param) {`
			`const oldEntity = await this.info(param.id);`
			`if (oldEntity == null) {`
			`throw new ValidateException('该授权配置不存在,请确认是否已被删除');`
			`}`
			`this.encryptSetting(param, oldEntity);`
			`return await super.update(param);`
			`}`

chore: 2024-11-20 18:12:10 +08:00			`async getSimpleInfo(id: number) {`
			`const entity = await this.info(id);`
			`if (entity == null) {`
			`throw new ValidateException('该授权配置不存在,请确认是否已被删除');`
			`}`
			`return {`
			`id: entity.id,`
			`name: entity.name,`
			`userId: entity.userId,`
chore: project controller ok 2026-02-13 21:28:17 +08:00			`projectId: entity.projectId,`
chore: 2024-11-20 18:12:10 +08:00			`};`
			`}`

chore: project controller ok 2026-02-13 21:28:17 +08:00			`async getAccessById(id: any, checkUserId: boolean, userId?: number, projectId?: number): Promise<any> {`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`const entity = await this.info(id);`
perf: 上传到主机插件支持复制到本机路径 2024-05-30 10:54:18 +08:00			`if (entity == null) {`
			throw new Error(`该授权配置不存在,请确认是否已被删除:id=${id}`);
			`}`
fix: 修复cname服务普通用户access访问权限问题 2024-10-20 11:47:35 +08:00			`if (checkUserId) {`
			`if (userId == null) {`
			`throw new ValidateException('userId不能为空');`
			`}`
			`if (userId !== entity.userId) {`
			`throw new PermissionException('您对该Access授权无访问权限');`
			`}`
feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析 2024-10-07 03:21:16 +08:00			`}`
chore: project controller ok 2026-02-13 21:28:17 +08:00			`if (projectId != null && projectId !== entity.projectId) {`
			`throw new PermissionException('您对该Access授权无访问权限');`
			`}`
fix: 修复cname服务普通用户access访问权限问题 2024-10-20 11:47:35 +08:00
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`// const access = accessRegistry.get(entity.type);`
chore: 2024-09-30 18:00:51 +08:00			`const setting = this.decryptAccessEntity(entity);`
chore: 2024-10-01 23:52:44 +08:00			`const input = {`
chore: 2024-09-30 18:00:51 +08:00			`id: entity.id,`
			`...setting,`
			`};`
chore: project controller ok 2026-02-13 21:28:17 +08:00			`const accessGetter = new AccessGetter(userId,projectId, this.getById.bind(this));`
perf: 支持s3 access做测试 2025-06-13 12:18:26 +08:00			`return await newAccess(entity.type, input,accessGetter);`
chore: 2024-09-30 18:00:51 +08:00			`}`

chore: project controller ok 2026-02-13 21:28:17 +08:00			`async getById(id: any, userId: number, projectId?: number): Promise<any> {`
			`return await this.getAccessById(id, true, userId, projectId);`
fix: 修复cname服务普通用户access访问权限问题 2024-10-20 11:47:35 +08:00			`}`

chore: 2024-09-30 18:00:51 +08:00			`decryptAccessEntity(entity: AccessEntity): any {`
perf: 授权配置支持加密 2024-08-27 13:46:19 +08:00			`let setting = {};`
			`if (entity.encryptSetting && entity.encryptSetting !== '{}') {`
			`setting = JSON.parse(entity.encryptSetting);`
			`for (const key in setting) {`
			`//解密`
			`const encryptValue = setting[key];`
			`let value = encryptValue.value;`
			`if (encryptValue.encrypt) {`
			`value = this.encryptService.decrypt(value);`
			`}`
			`setting[key] = value;`
			`}`
			`} else if (entity.setting) {`
			`setting = JSON.parse(entity.setting);`
			`}`
chore: 2024-09-30 18:00:51 +08:00			`return setting;`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`}`

			`getDefineList() {`
			`return accessRegistry.getDefineList();`
			`}`

perf: 插件贡献文档及示例 2024-03-22 00:50:02 +08:00			`getDefineByType(type: string) {`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`return accessRegistry.getDefine(type);`
			`}`
chore: auto 2025-07-12 23:00:04 +08:00

chore: project controller ok 2026-02-13 21:28:17 +08:00			`async getSimpleByIds(ids: number[], userId: any, projectId?: number) {`
chore: auto 2025-07-12 23:00:04 +08:00			`if (ids.length === 0) {`
			`return [];`
			`}`
chore: project 2026-02-13 23:51:27 +08:00			`if (userId==null) {`
chore: auto 2025-07-12 23:00:04 +08:00			`return [];`
			`}`
			`return await this.repository.find({`
			`where: {`
			`id: In(ids),`
			`userId,`
chore: project controller ok 2026-02-13 21:28:17 +08:00			`projectId,`
chore: auto 2025-07-12 23:00:04 +08:00			`},`
			`select: {`
			`id: true,`
			`name: true,`
			`type: true,`
chore: project controller ok 2026-02-13 21:28:17 +08:00			`userId:true,`
			`projectId:true,`
chore: auto 2025-07-12 23:00:04 +08:00			`},`
			`});`

			`}`
build: trident-sync prepare 2023-01-29 13:44:19 +08:00			`}`