import crypto from 'crypto';
import { Router } from 'express';
import ldap from 'ldapjs';
import ssha from 'ssha';
import config from '../../../config/config';
import { User, LdapUser } from '../../models/admin/User';
import { combPer, combRole } from '../../utils/comb-permissions';
import logger from '../../utils/logger';
// Express sub-router holding the admin user endpoints (/list, /edit, /save, /del).
const router = new Router();
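/**
 * GET /list — lists every LDAP account matching
 * `(&(objectClass=posixAccount)(o=gmplatform))` under ou=people, re-syncs the
 * snapshot into the LdapUser collection and joins each entry with its User
 * document (User._id == uidNumber), returning the User with combined
 * permissions and roles.
 *
 * Requires `users-readable` or `users-writeable` on req.user.permissions.
 * Responds `{ errcode: 0, userList }`; any LDAP or DB failure is forwarded to
 * `next(err)` exactly once, and the LDAP client is unbound on every path.
 */
router.get('/list', async function userListCtrl(req, res, next) {
  // logger.db(req, '系统管理', '用户列表', '获取所有用户信息');

  // 权限判断 — read OR write permission grants access to the listing.
  const hasPerm =
    req.user.permissions.includes(`users-readable`) ||
    req.user.permissions.includes(`users-writeable`);
  if (!hasPerm) {
    res.status(403).send({
      errcode: 1,
      errmsg: '用户无用户列表查看权限!'
    });
    return;
  }

  const client = ldap.createClient({
    url: config.ldap.url
  });
  const opts = {
    filter: '(&(objectClass=posixAccount)(o=gmplatform))',
    scope: 'sub',
    timeLimit: 500
  };
  const data = [];

  // Single failure sink: the original called next(err) and then kept going
  // (searching on a failed bind, sending a response after the error handler),
  // and never unbound on the bind/search error paths.
  let finished = false;
  const fail = (err) => {
    if (finished) return;
    finished = true;
    client.unbind();
    next(err);
  };

  client.bind(config.ldap.user, config.ldap.password, function(err) {
    if (err) return fail(err);

    client.search('ou=people,dc=kingsome,dc=cn', opts, function(err, searchRes) {
      if (err) return fail(err);

      searchRes.on('searchEntry', function(entry) {
        data.push(entry.object);
      });

      searchRes.on('error', fail);

      searchRes.on('end', async function() {
        if (finished) return;
        finished = true;
        try {
          // `userInfo` is the ref to the User document; /save stores the
          // uidNumber as User._id, so the uidNumber is the join key.
          const users = data.map(user => ({ ...user, userInfo: user.uidNumber }));

          // Replace the LdapUser mirror with the fresh directory snapshot.
          await LdapUser.deleteMany({});
          await LdapUser.insertMany(users);

          // 取出完整用户信息
          // 首次查询 — find directory accounts that have no User document yet …
          const firstPass = await LdapUser.find({}).populate({
            path: 'userInfo'
          });

          // … and create one for each. All saves are awaited BEFORE the second
          // query: the original fired them inside an un-awaited map(async),
          // so the second query could still see a null userInfo and throw on
          // `user.userInfo.permissions`.
          await Promise.all(
            firstPass
              .filter(user => !user.userInfo)
              .map(user =>
                new User({
                  _id: user.uidNumber,
                  username: user.uid,
                  fullname: user.cn
                }).save()
              )
          );

          // 再次查询 — every entry now resolves to a User, with permissions populated.
          const secondPass = await LdapUser.find({}).populate({
            path: 'userInfo',
            populate: {
              path: 'permissions'
            }
          });

          const userList = secondPass.map(user => {
            const userInfo = user.userInfo;
            const rawPermissions = userInfo.permissions;
            // combRole first, then combPer, both from the populated permission
            // documents (same call order as before; their contracts live in
            // utils/comb-permissions).
            userInfo.roles = combRole(rawPermissions);
            userInfo.permissions = combPer(rawPermissions);
            return userInfo;
          });

          res.send({
            errcode: 0,
            userList
          });
        } catch (err) {
          next(err);
        } finally {
          client.unbind();
        }
      });
    });
  });
});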
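/**
 * POST /edit — updates the User document of an existing LDAP account.
 *
 * Body: `{ username, ...fields }` — `username` selects the User (matched
 * against LdapUser.uid first), the remaining fields are written to it along
 * with `lastModifiedBy`. Requires `users-writeable`.
 * Responds `{ errcode: 0 }`, or `{ errcode: 1, errmsg: '用户不存在' }` when no
 * LdapUser with that uid exists (or no usable username was sent); DB errors
 * go to `next(err)`.
 */
router.post('/edit', async function userEditCtrl(req, res, next) {
  logger.db(req, '系统管理', '用户列表', '编辑用户信息');
  // 权限判断 — write permission is required here (the 403 text still says "查看").
  const hasPerm = req.user.permissions.includes(`users-writeable`);
  if (!hasPerm) {
    res.status(403).send({
      errcode: 1,
      errmsg: '用户无用户列表查看权限!'
    });
    return;
  }

  // Split `username` off without mutating req.body (the original `delete`d it).
  const { username, ...fields } = req.body ?? {};
  // A missing username previously became findOne({ uid: undefined }); treat it
  // as "no such user" instead of letting an unconstrained query run.
  if (typeof username !== 'string' || username === '') {
    res.send({
      errcode: 1,
      errmsg: '用户不存在'
    });
    return;
  }

  // req.body is untrusted and is handed straight to updateOne: drop keys that
  // MongoDB/Mongoose would read as update operators or dotted paths, and
  // __proto__, so the client can only set plain top-level fields.
  const update = Object.fromEntries(
    Object.entries(fields).filter(
      ([key]) => !key.startsWith('$') && !key.includes('.') && key !== '__proto__'
    )
  );
  update.lastModifiedBy = req.user.fullname;

  try {
    const searchResult = await LdapUser.findOne({ uid: username });
    if (searchResult) {
      await User.updateOne({ username }, update);
      res.send({
        errcode: 0
      });
    } else {
      res.send({
        errcode: 1,
        errmsg: '用户不存在'
      });
    }
  } catch (err) {
    next(err);
  }
});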
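/**
 * POST /save — creates an LDAP posixAccount `cn=<fullname>,ou=people,...`
 * and the matching User document (User._id = the generated uidNumber).
 *
 * Body: `{ username, fullname, ...fields }`. Requires `users-writeable`.
 * Responds `{ errcode: 0 }`; `{ errcode: 1, errmsg }` when the DN already
 * exists or the identifiers are malformed; other LDAP/DB errors go to
 * `next(err)`. The LDAP client is unbound on every path.
 */
router.post('/save', async (req, res, next) => {
  logger.db(req, '系统管理', '用户列表', '新增用户');
  // 权限判断
  const hasPerm = req.user.permissions.includes(`users-writeable`);
  if (!hasPerm) {
    res.status(403).send({
      errcode: 1,
      errmsg: '用户无用户列表查看权限!'
    });
    return;
  }

  const body = req.body ?? {};
  const { username, fullname } = body;
  // Both values come from the request and are interpolated into a DN, a
  // filesystem path and LDAP attributes: accept only plain identifiers
  // (no DN separators / escapes in fullname, no path characters in username).
  const USERNAME_OK = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;
  const DN_VALUE_OK = /^[^\s#,+"\\<>;=\0][^,+"\\<>;=\0\r\n]*$/;
  if (
    typeof username !== 'string' ||
    !USERNAME_OK.test(username) ||
    typeof fullname !== 'string' ||
    !DN_VALUE_OK.test(fullname)
  ) {
    res.status(400).send({
      errcode: 1,
      errmsg: '用户名或姓名格式不正确'
    });
    return;
  }

  const dn = `cn=${fullname},ou=people,dc=kingsome,dc=cn`;
  const uidNumber = randomUid();
  const entry = {
    cn: fullname,
    sn: fullname,
    objectClass: [
      'posixAccount',
      'inetOrgPerson',
      'organizationalPerson',
      'person'
    ],
    uidNumber: uidNumber,
    gidNumber: 10014,
    uid: username,
    homeDirectory: `/home/${username}`,
    // Initial credential is the SSHA hash of the username itself; the account
    // is only as protected as the user's first password change.
    userPassword: ssha.create(`${username}`),
    o: 'gmplatform'
  };
  const client = ldap.createClient({
    url: config.ldap.url
  });

  try {
    client.bind(config.ldap.user, config.ldap.password, function(err) {
      if (err) {
        client.unbind();
        return next(err);
      }
      client.add(dn, entry, async function(err) {
        // The connection is not needed past this point on any path.
        client.unbind();
        if (err) {
          // ldapjs reports a DN (cn) collision with this message; note that
          // uidNumber uniqueness is not checked anywhere on this route.
          if (err.message === 'Entry Already Exists') {
            res.send({
              errcode: 1,
              errmsg: 'uidNumber 已存在,请重试!'
            });
          } else {
            next(err);
          }
          return;
        }
        try {
          // Mirror into Mongo. The body is untrusted: drop operator/dotted/
          // __proto__ keys and force _id to the uidNumber just written to LDAP.
          const fields = Object.fromEntries(
            Object.entries(body).filter(
              ([key]) => !key.startsWith('$') && !key.includes('.') && key !== '__proto__'
            )
          );
          fields._id = uidNumber;
          await new User(fields).save();
          res.send({
            errcode: 0
          });
        } catch (err) {
          // The LDAP entry already exists here, so a failed save leaves the
          // directory and Mongo out of sync until /list creates a bare User
          // for it. The original let this rejection escape unhandled.
          next(err);
        }
      });
    });
  } catch (err) {
    next(err);
  }
});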
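// 删除用户
/**
 * POST /del — deletes the LDAP entry `cn=<fullname>,ou=people,dc=kingsome,dc=cn`.
 *
 * Body: `{ fullname }`. Requires `users-writeable`. Responds `{ errcode: 0 }`;
 * LDAP errors go to `next(err)`. Only the directory entry is removed: the
 * LdapUser mirror is rebuilt by /list and the User document is left in place.
 */
router.post('/del', async (req, res, next) => {
  logger.db(req, '系统管理', '用户列表', '删除用户');
  // 权限判断
  const hasPerm = req.user.permissions.includes(`users-writeable`);
  if (!hasPerm) {
    res.status(403).send({
      errcode: 1,
      errmsg: '用户无用户列表查看权限!'
    });
    return;
  }

  const { fullname } = req.body ?? {};
  // fullname is interpolated into the DN to delete: reject DN separators and
  // escapes so the request cannot name a different entry than `cn=<fullname>`.
  const DN_VALUE_OK = /^[^\s#,+"\\<>;=\0][^,+"\\<>;=\0\r\n]*$/;
  if (typeof fullname !== 'string' || !DN_VALUE_OK.test(fullname)) {
    res.status(400).send({
      errcode: 1,
      errmsg: '姓名格式不正确'
    });
    return;
  }

  const dn = `cn=${fullname},ou=people,dc=kingsome,dc=cn`;
  const client = ldap.createClient({
    url: config.ldap.url
  });
  try {
    client.bind(config.ldap.user, config.ldap.password, function(err) {
      // `throw` inside these callbacks (as the original did) is not caught by
      // the surrounding try/catch and would take the process down; report
      // through next() and always release the connection instead.
      if (err) {
        client.unbind();
        return next(err);
      }
      client.del(dn, function(err) {
        client.unbind();
        if (err) return next(err);
        res.send({
          errcode: 0
        });
      });
    });
  } catch (err) {
    next(err);
  }
});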
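/**
 * Draws a random POSIX uidNumber in [min, max] (inclusive). Defaults cover the
 * same 10000–30000 band the original produced, now drawn uniformly with
 * crypto.randomInt instead of Math.ceil(Math.random() * 20000) + 10000.
 *
 * Uniqueness is NOT guaranteed: the caller must handle collisions (the /save
 * route only detects DN collisions, not a duplicate uidNumber).
 *
 * @param {number} [min=10000] - lowest uid allowed
 * @param {number} [max=30000] - highest uid allowed
 * @returns {number} integer in [min, max]
 */
function randomUid(min = 10000, max = 30000) {
  // randomInt's upper bound is exclusive.
  return crypto.randomInt(min, max + 1);
}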
// The router is mounted by whichever module imports this file.
export default router;