platform/web/handlers/whitelist.go

package handlers

import (
	"platform/pkg/env"
	"platform/pkg/u"
	"platform/web/auth"
	"platform/web/core"
	g "platform/web/globals"
	"platform/web/globals/orm"
	m "platform/web/models"
	q "platform/web/queries"
	"time"

	"github.com/gofiber/fiber/v2"
)

type ListWhitelistReq struct {
	core.PageReq
}

type ListWhitelistResp struct {
	Total int64          `json:"total"`
	List  []*m.Whitelist `json:"list"`
	Page  int            `json:"page"`
	Size  int            `json:"size"`
}

func ListWhitelist(c *fiber.Ctx) error {

	// 检查权限
	authCtx, err := auth.GetAuthCtx(c).PermitUser()
	if err != nil {
		return err
	}

	// 解析请求参数
	req := new(ListWhitelistReq)
	if err := c.BodyParser(req); err != nil {
		return err
	}

	// 获取白名单信息
	do := q.Whitelist.Where(q.Whitelist.UserID.Eq(authCtx.User.ID))

	list, err := q.Whitelist.Where(do).
		Offset(req.GetOffset()).
		Limit(req.GetLimit()).
		Order(q.Whitelist.CreatedAt.Desc()).
		Find()
	if err != nil {
		return err
	}

	var total int64
	if len(list) < req.GetLimit() {
		total = int64(len(list) + req.GetOffset())
	} else {
		total, err = q.Whitelist.Where(do).Count()
		if err != nil {
			return err
		}
	}

	// 返回结果
	return c.JSON(core.PageResp{
		Total: int(total),
		List:  list,
		Page:  req.GetPage(),
		Size:  req.GetSize(),
	})
}

type CreateWhitelistReq struct {
	Host   string `json:"host" validate:"required,ip"`
	Remark string `json:"remark,omitempty"`
}

func CreateWhitelist(c *fiber.Ctx) error {

	// 检查权限
	authCtx, err := auth.GetAuthCtx(c).PermitUser()
	if err != nil {
		return err
	}

	// 解析请求参数
	req := new(CreateWhitelistReq)
	err = g.Validator.ParseBody(c, req)
	if err != nil {
		return err
	}

	ip, err := secureAddr(req.Host)
	if err != nil {
		return err
	}

	// 创建白名单
	err = q.Whitelist.Create(&m.Whitelist{
		UserID: authCtx.User.ID,
		IP:     u.Z(ip),
		Remark: &req.Remark,
	})
	if err != nil {
		return core.NewServErr("添加白名单失败", err)
	}

	return nil
}

type UpdateWhitelistReq struct {
	ID     int32  `json:"id" validate:"required"`
	Host   string `json:"host"`
	Remark string `json:"remark"`
}

func UpdateWhitelist(c *fiber.Ctx) error {
	// 检查权限
	authCtx, err := auth.GetAuthCtx(c).PermitUser()
	if err != nil {
		return err
	}

	// 解析请求参数
	req := new(UpdateWhitelistReq)
	if err := c.BodyParser(req); err != nil {
		return err
	}
	if req.ID == 0 {
		return fiber.NewError(fiber.StatusBadRequest, "id is required")
	}

	ip, err := secureAddr(req.Host)
	if err != nil {
		return err
	}

	// 更新白名单
	_, err = q.Whitelist.
		Where(
			q.Whitelist.ID.Eq(req.ID),
			q.Whitelist.UserID.Eq(authCtx.User.ID),
		).
		UpdateSimple(
			q.Whitelist.IP.Value(ip),
			q.Whitelist.Remark.Value(req.Remark),
		)
	if err != nil {
		return err
	}
	return nil
}

type RemoveWhitelistReq struct {
	ID int32 `json:"id" validate:"required"`
}

func RemoveWhitelist(c *fiber.Ctx) error {

	// 检查权限
	authCtx, err := auth.GetAuthCtx(c).PermitUser()
	if err != nil {
		return err
	}

	// 解析请求参数
	var req []RemoveWhitelistReq
	if err := c.BodyParser(&req); err != nil {
		return err
	}
	if len(req) == 0 {
		return fiber.NewError(fiber.StatusBadRequest, "id is required")
	}

	var ids = make([]int32, len(req))
	for i, item := range req {
		if item.ID == 0 {
			return fiber.NewError(fiber.StatusBadRequest, "id is required")
		}
		ids[i] = item.ID
	}

	// 删除白名单
	_, err = q.Whitelist.
		Where(
			q.Whitelist.ID.In(ids...),
			q.Whitelist.UserID.Eq(authCtx.User.ID),
		).
		Update(
			q.Whitelist.DeletedAt, time.Now(),
		)
	if err != nil {
		return err
	}
	return nil
}

func secureAddr(str string) (*orm.Inet, error) {
	ip, err := orm.ParseInet(str)
	if err != nil {
		return nil, err
	}
	if !ip.IsGlobalUnicast() && env.RunMode != env.RunModeDev {
		return nil, fiber.NewError(fiber.StatusBadRequest, "IP 地址不可用")
	}
	return ip, nil
}