"refactor(common): 重构序列化工具包，将serialize重命名为utils并添加bitset组件"

2025-07-25 01:29:03 +00:00
parent 84d6d99356
commit 58e972eea3
113 changed files with 11 additions and 11 deletions
--- a/common/utils/go-jsonrpc/auth/auth.go
+++ b/common/utils/go-jsonrpc/auth/auth.go
@@ -0,0 +1,79 @@
+package auth
+
+import (
+	"context"
+	"reflect"
+
+	"golang.org/x/xerrors"
+)
+
+type Permission string
+
+type permKey int
+
+var permCtxKey permKey
+
+func WithPerm(ctx context.Context, perms []Permission) context.Context {
+	return context.WithValue(ctx, permCtxKey, perms)
+}
+
+func HasPerm(ctx context.Context, defaultPerms []Permission, perm Permission) bool {
+	callerPerms, ok := ctx.Value(permCtxKey).([]Permission)
+	if !ok {
+		callerPerms = defaultPerms
+	}
+
+	for _, callerPerm := range callerPerms {
+		if callerPerm == perm {
+			return true
+		}
+	}
+	return false
+}
+
+func PermissionedProxy(validPerms, defaultPerms []Permission, in interface{}, out interface{}) {
+	rint := reflect.ValueOf(out).Elem()
+	ra := reflect.ValueOf(in)
+
+	for f := 0; f < rint.NumField(); f++ {
+		field := rint.Type().Field(f)
+		requiredPerm := Permission(field.Tag.Get("perm"))
+		if requiredPerm == "" {
+			panic("missing 'perm' tag on " + field.Name) // ok
+		}
+
+		// Validate perm tag
+		ok := false
+		for _, perm := range validPerms {
+			if requiredPerm == perm {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			panic("unknown 'perm' tag on " + field.Name) // ok
+		}
+
+		fn := ra.MethodByName(field.Name)
+
+		rint.Field(f).Set(reflect.MakeFunc(field.Type, func(args []reflect.Value) (results []reflect.Value) {
+			ctx := args[0].Interface().(context.Context)
+			if HasPerm(ctx, defaultPerms, requiredPerm) {
+				return fn.Call(args)
+			}
+
+			err := xerrors.Errorf("missing permission to invoke '%s' (need '%s')", field.Name, requiredPerm)
+			rerr := reflect.ValueOf(&err).Elem()
+
+			if field.Type.NumOut() == 2 {
+				return []reflect.Value{
+					reflect.Zero(field.Type.Out(0)),
+					rerr,
+				}
+			} else {
+				return []reflect.Value{rerr}
+			}
+		}))
+
+	}
+}
--- a/common/utils/go-jsonrpc/auth/handler.go
+++ b/common/utils/go-jsonrpc/auth/handler.go
@@ -0,0 +1,48 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	logging "github.com/ipfs/go-log/v2"
+)
+
+var log = logging.Logger("auth")
+
+type Handler struct {
+	Verify func(ctx context.Context, token string) ([]Permission, error)
+	Next   http.HandlerFunc
+}
+
+func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	token := r.Header.Get("Authorization")
+	if token == "" {
+		token = r.FormValue("token")
+		if token != "" {
+			token = "Bearer " + token
+		}
+	}
+
+	if token != "" {
+		if !strings.HasPrefix(token, "Bearer ") {
+			log.Warn("missing Bearer prefix in auth header")
+			w.WriteHeader(401)
+			return
+		}
+		token = strings.TrimPrefix(token, "Bearer ")
+
+		allow, err := h.Verify(ctx, token)
+		if err != nil {
+			log.Warnf("JWT Verification failed (originating from %s): %s", r.RemoteAddr, err)
+			w.WriteHeader(401)
+			return
+		}
+
+		ctx = WithPerm(ctx, allow)
+	}
+
+	h.Next(w, r.WithContext(ctx))
+}