From 1ec4cbe941900f55124acb8284a5459155e6d3ff Mon Sep 17 00:00:00 2001 From: Boen_Shi Date: Thu, 30 Apr 2026 09:53:33 +0800 Subject: [PATCH] =?UTF-8?q?feat(=E6=9C=8D=E5=8A=A1=E5=99=A8=E8=B5=84?= =?UTF-8?q?=E6=BA=90):=20=E6=94=AF=E6=8C=81=E6=8C=89=E8=B5=84=E6=BA=90?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=A4=8D=E5=88=B6=E4=B8=B4=E6=97=B6=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E5=B9=B6=E5=BC=BA=E5=8C=96=E4=BD=BF=E7=94=A8=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 新增资源开关 allow_copy_temp_password 并持久化 - 使用资源时强制访问用户名与密码必填并返回中文提示 - 解析 sso 链接提取 SSOToken,按开关返回临时密码 --- .../Api/ServerResourceController.php | 45 ++++++++++++++++++- .../Requests/StoreServerResourceRequest.php | 1 + .../Requests/UpdateServerResourceRequest.php | 1 + app/Models/ServerResource.php | 2 + ...emp_password_to_server_resources_table.php | 25 +++++++++++ 5 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 database/migrations/2026_04_30_120000_add_allow_copy_temp_password_to_server_resources_table.php diff --git a/app/Http/Controllers/Api/ServerResourceController.php b/app/Http/Controllers/Api/ServerResourceController.php index fbcf571..afa0959 100644 --- a/app/Http/Controllers/Api/ServerResourceController.php +++ b/app/Http/Controllers/Api/ServerResourceController.php @@ -89,6 +89,7 @@ class ServerResourceController extends Controller $description = (string) ($permission->description ?? ''); if (preg_match('/资源ID[::]\s*(\d+)/u', $description, $matches) === 1) { $resourceIds->push((int) $matches[1]); + continue; } @@ -316,9 +317,12 @@ class ServerResourceController extends Controller public function useResource(Request $request, int $id): JsonResponse { $validated = $request->validate([ - 'account_name' => ['nullable', 'string', 'max:255'], - 'password' => ['nullable', 'string', 'max:255'], + 'account_name' => ['required', 'string', 'max:255'], + 'password' => ['required', 'string', 'max:255'], 'protocol' => ['required', 'string', 'max:64'], + ], [ + 'account_name.required' => '请输入访问用户名。', + 'password.required' => '请输入访问密码。', ]); $resource = ServerResource::query()->with('parent')->findOrFail($id); @@ -456,6 +460,11 @@ class ServerResourceController extends Controller ], 502); } + $tempPassword = null; + if ((bool) $resource->allow_copy_temp_password) { + $tempPassword = $this->extractSsoTokenFromUrl($ssoUrl); + } + AccessLog::query()->create([ 'user_id' => $user->id, 'server_resource_id' => $resource->id, @@ -493,10 +502,42 @@ class ServerResourceController extends Controller 'bastion_account_id' => $bastionAccount->id, 'client_type' => (string) data_get($result, 'data.client_type', ''), 'response' => $result, + 'allow_copy_temp_password' => (bool) $resource->allow_copy_temp_password, + 'temp_password' => $tempPassword, ], ]); } + private function extractSsoTokenFromUrl(string $ssoUrl): ?string + { + if (! str_starts_with($ssoUrl, 'sso://')) { + return null; + } + + $encoded = trim(substr($ssoUrl, strlen('sso://'))); + $encoded = rtrim($encoded, '/'); + if ($encoded === '') { + return null; + } + + $decoded = base64_decode($encoded, true); + if ($decoded === false || $decoded === '') { + return null; + } + + $payload = json_decode($decoded, true); + if (! is_array($payload)) { + return null; + } + + $token = data_get($payload, 'NODE_COMMON.SSOToken'); + if (! is_string($token) || trim($token) === '') { + return null; + } + + return trim($token); + } + private function syncDirectPermissionsByPivot(ServerResource $resource, Permission $permission, array $syncData): void { if (! $resource->parent_id) { diff --git a/app/Http/Requests/StoreServerResourceRequest.php b/app/Http/Requests/StoreServerResourceRequest.php index 8d540a6..36cfc42 100644 --- a/app/Http/Requests/StoreServerResourceRequest.php +++ b/app/Http/Requests/StoreServerResourceRequest.php @@ -22,6 +22,7 @@ class StoreServerResourceRequest extends FormRequest 'account_id' => ['nullable', 'integer', 'min:1'], 'protocol' => ['nullable', 'string', 'max:64'], 'description' => ['nullable', 'string', 'max:255'], + 'allow_copy_temp_password' => ['sometimes', 'boolean'], 'is_active' => ['sometimes', 'boolean'], ]; } diff --git a/app/Http/Requests/UpdateServerResourceRequest.php b/app/Http/Requests/UpdateServerResourceRequest.php index 25910b0..eedacef 100644 --- a/app/Http/Requests/UpdateServerResourceRequest.php +++ b/app/Http/Requests/UpdateServerResourceRequest.php @@ -22,6 +22,7 @@ class UpdateServerResourceRequest extends FormRequest 'account_id' => ['nullable', 'integer', 'min:1'], 'protocol' => ['nullable', 'string', 'max:64'], 'description' => ['nullable', 'string', 'max:255'], + 'allow_copy_temp_password' => ['sometimes', 'boolean'], 'is_active' => ['sometimes', 'boolean'], ]; } diff --git a/app/Models/ServerResource.php b/app/Models/ServerResource.php index 47a5fe8..16b1a2b 100644 --- a/app/Models/ServerResource.php +++ b/app/Models/ServerResource.php @@ -21,6 +21,7 @@ class ServerResource extends Model 'account_id', 'protocols', 'description', + 'allow_copy_temp_password', 'is_active', ]; @@ -50,6 +51,7 @@ class ServerResource extends Model { return [ 'protocols' => 'array', + 'allow_copy_temp_password' => 'boolean', 'is_active' => 'boolean', ]; } diff --git a/database/migrations/2026_04_30_120000_add_allow_copy_temp_password_to_server_resources_table.php b/database/migrations/2026_04_30_120000_add_allow_copy_temp_password_to_server_resources_table.php new file mode 100644 index 0000000..ac9235d --- /dev/null +++ b/database/migrations/2026_04_30_120000_add_allow_copy_temp_password_to_server_resources_table.php @@ -0,0 +1,25 @@ +boolean('allow_copy_temp_password') + ->default(false) + ->after('protocols') + ->comment('是否允许用户复制临时密码'); + }); + } + + public function down(): void + { + Schema::table('server_resources', function (Blueprint $table) { + $table->dropColumn('allow_copy_temp_password'); + }); + } +};