boenadmin/BastionSSO
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: boenadmin:58e44b5e6129bb682afd469136d721321ad7be84
Branches Tags
boenadmin:main
...
compare: boenadmin:1ec4cbe941900f55124acb8284a5459155e6d3ff
Branches Tags
boenadmin:main

2 Commits
58e44b5e61 ... 1ec4cbe941

Author SHA1 Message Date
Boen_Shi
1ec4cbe941 feat(服务器资源): 支持按资源配置复制临时密码并强化使用校验 
- 新增资源开关 allow_copy_temp_password 并持久化

- 使用资源时强制访问用户名与密码必填并返回中文提示

- 解析 sso 链接提取 SSOToken,按开关返回临时密码
 2026-04-30 09:53:33 +08:00
Boen_Shi
d2c6ae7fc0 fix(用户导入): 仅保留 xlsx 导入并提供 xlsx 模板下载 
- 移除 csv/txt 导入支持,接口仅接受 xlsx

- 新增 xlsx 模板文件生成逻辑

- 优化缺少 ZipArchive 扩展时的中文错误提示
 2026-04-29 15:27:28 +08:00
6 changed files with 406 additions and 3 deletions
Show Stats Expand all files Collapse all files

45
app/Http/Controllers/Api/ServerResourceController.php
View File

@ -89,6 +89,7 @@ class ServerResourceController extends Controller
$description = (string) ($permission->description ?? '');
if (preg_match('/资源ID[:]\s*(\d+)/u', $description, $matches) === 1) {
$resourceIds->push((int) $matches[1]);
continue;
}
@ -316,9 +317,12 @@ class ServerResourceController extends Controller
public function useResource(Request $request, int $id): JsonResponse
{
$validated = $request->validate([
'account_name' => ['nullable', 'string', 'max:255'],
'password' => ['nullable', 'string', 'max:255'],
'account_name' => ['required', 'string', 'max:255'],
'password' => ['required', 'string', 'max:255'],
'protocol' => ['required', 'string', 'max:64'],
], [
'account_name.required' => '请输入访问用户名。',
'password.required' => '请输入访问密码。',
]);
$resource = ServerResource::query()->with('parent')->findOrFail($id);
@ -456,6 +460,11 @@ class ServerResourceController extends Controller
], 502);
}
$tempPassword = null;
if ((bool) $resource->allow_copy_temp_password) {
$tempPassword = $this->extractSsoTokenFromUrl($ssoUrl);
}
AccessLog::query()->create([
'user_id' => $user->id,
'server_resource_id' => $resource->id,
@ -493,10 +502,42 @@ class ServerResourceController extends Controller
'bastion_account_id' => $bastionAccount->id,
'client_type' => (string) data_get($result, 'data.client_type', ''),
'response' => $result,
'allow_copy_temp_password' => (bool) $resource->allow_copy_temp_password,
'temp_password' => $tempPassword,
],
]);
}
private function extractSsoTokenFromUrl(string $ssoUrl): ?string
{
if (! str_starts_with($ssoUrl, 'sso://')) {
return null;
}
$encoded = trim(substr($ssoUrl, strlen('sso://')));
$encoded = rtrim($encoded, '/');
if ($encoded === '') {
return null;
}
$decoded = base64_decode($encoded, true);
if ($decoded === false || $decoded === '') {
return null;
}
$payload = json_decode($decoded, true);
if (! is_array($payload)) {
return null;
}
$token = data_get($payload, 'NODE_COMMON.SSOToken');
if (! is_string($token) || trim($token) === '') {
return null;
}
return trim($token);
}
private function syncDirectPermissionsByPivot(ServerResource $resource, Permission $permission, array $syncData): void
{
if (! $resource->parent_id) {

335
app/Http/Controllers/Api/UserController.php
View File

@ -11,7 +11,11 @@ use App\Models\UserServerPermission;
use hg\apidoc\annotation as Apidoc;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;
use Spatie\Permission\Models\Permission;
use Spatie\Permission\Models\Role;
#[Apidoc\Title('用户管理')]
class UserController extends Controller
@ -20,7 +24,7 @@ class UserController extends Controller
{
$this->middleware('auth:api');
$this->middleware('permission:platform.users.view,api')->only(['index', 'show']);
$this->middleware('permission:platform.users.manage,api')->only(['store', 'update', 'destroy', 'syncPermissions']);
$this->middleware('permission:platform.users.manage,api')->only(['store', 'update', 'destroy', 'syncPermissions', 'import', 'importTemplate']);
}
#[Apidoc\Title('用户列表'), Apidoc\Method('GET'), Apidoc\Url('/users')]
@ -114,6 +118,335 @@ class UserController extends Controller
return response()->json(['code' => 0, 'message' => 'ok', 'data' => null]);
}
#[Apidoc\Title('批量导入用户'), Apidoc\Method('POST'), Apidoc\Url('/users/import')]
public function import(Request $request): JsonResponse
{
$validated = $request->validate([
'file' => ['required', 'file', 'mimes:xlsx'],
]);
$file = $validated['file'];
$rows = $this->parseImportRows($file->getPathname(), (string) $file->getClientOriginalExtension());
if ($rows->isEmpty()) {
throw ValidationException::withMessages([
'file' => ['文件中没有可导入的数据行。'],
]);
}
$createdCount = 0;
$skippedCount = 0;
$errors = [];
foreach ($rows as $index => $row) {
$line = $index + 2;
$normalizedRow = [];
foreach ($row as $key => $value) {
$normalizedRow[$this->normalizeImportHeader((string) $key)] = (string) $value;
}
$payload = [
'nickname' => trim($this->firstMatchedValue($normalizedRow, ['nickname', 'nick_name', 'name', '用户名', '昵称'])),
'email' => trim($this->firstMatchedValue($normalizedRow, ['email', 'mail', '邮箱'])),
'phone' => trim($this->firstMatchedValue($normalizedRow, ['phone', 'mobile', '手机号', '手机', '电话'])),
'password' => trim($this->firstMatchedValue($normalizedRow, ['password', 'passwd', 'pwd', '密码'])),
];
$validator = Validator::make($payload, [
'nickname' => ['required', 'string', 'max:255'],
'email' => ['required', 'email', 'max:255', 'unique:users,email'],
'phone' => ['nullable', 'string', 'max:32', 'unique:users,phone'],
'password' => ['required', 'string', 'min:6', 'max:255'],
]);
if ($validator->fails()) {
$errors[] = [
'line' => $line,
'message' => implode('', $validator->errors()->all()),
];
$skippedCount++;
continue;
}
$user = User::query()->create($payload);
$roleIds = $this->resolveRoleIds($normalizedRow);
if (! empty($roleIds)) {
$user->syncRoles($roleIds);
}
$createdCount++;
}
$this->auditLog($request, 'user_import', [
'metadata' => [
'created_count' => $createdCount,
'skipped_count' => $skippedCount,
'error_count' => count($errors),
],
]);
return response()->json([
'code' => 0,
'message' => 'ok',
'data' => [
'created_count' => $createdCount,
'skipped_count' => $skippedCount,
'errors' => $errors,
],
]);
}
#[Apidoc\Title('下载用户导入模板'), Apidoc\Method('GET'), Apidoc\Url('/users/import/template')]
public function importTemplate()
{
if (! class_exists(\ZipArchive::class)) {
throw ValidationException::withMessages([
'file' => ['当前 PHP 环境未启用 ZipArchive 扩展,无法生成 xlsx 模板。'],
]);
}
$tempPath = tempnam(sys_get_temp_dir(), 'users_import_template_');
if ($tempPath === false) {
throw ValidationException::withMessages(['file' => ['无法创建临时模板文件。']]);
}
$xlsxPath = $tempPath.'.xlsx';
@rename($tempPath, $xlsxPath);
$this->buildUsersImportTemplateXlsx($xlsxPath);
return response()->download(
$xlsxPath,
'users_import_template.xlsx',
['Content-Type' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet']
)->deleteFileAfterSend(true);
}
private function parseImportRows(string $filePath, string $extension): Collection
{
$ext = strtolower($extension);
if ($ext !== 'xlsx') {
throw ValidationException::withMessages(['file' => ['仅支持 xlsx 文件导入。']]);
}
return $this->parseXlsxRows($filePath);
}
private function parseXlsxRows(string $filePath): Collection
{
if (! class_exists(\ZipArchive::class)) {
throw ValidationException::withMessages([
'file' => ['当前 PHP 环境未启用 ZipArchive 扩展,无法导入 xlsx。请启用 php_zip 扩展。'],
]);
}
$zip = new \ZipArchive;
if ($zip->open($filePath) !== true) {
throw ValidationException::withMessages(['file' => ['无法解析 xlsx 文件。']]);
}
$sharedStrings = [];
$sharedXml = $zip->getFromName('xl/sharedStrings.xml');
if (is_string($sharedXml)) {
$sharedDoc = new \SimpleXMLElement($sharedXml);
foreach ($sharedDoc->si as $si) {
$sharedStrings[] = (string) $si->t;
}
}
$sheetXml = $zip->getFromName('xl/worksheets/sheet1.xml');
$zip->close();
if (! is_string($sheetXml)) {
throw ValidationException::withMessages(['file' => ['xlsx 文件缺少 sheet1。']]);
}
$sheet = new \SimpleXMLElement($sheetXml);
$rowsData = [];
foreach ($sheet->sheetData->row as $rowNode) {
$rowValues = [];
foreach ($rowNode->c as $cell) {
$ref = (string) $cell['r'];
preg_match('/^[A-Z]+/', $ref, $matches);
$column = $matches[0] ?? '';
$value = '';
if ((string) $cell['t'] === 's') {
$index = (int) ($cell->v ?? 0);
$value = (string) ($sharedStrings[$index] ?? '');
} else {
$value = (string) ($cell->v ?? '');
}
$rowValues[$column] = $value;
}
$rowsData[] = $rowValues;
}
if (count($rowsData) <= 1) {
return collect();
}
$headerRow = $rowsData[0];
$orderedColumns = array_keys($headerRow);
$headers = [];
foreach ($orderedColumns as $col) {
$headers[] = $this->normalizeImportHeader((string) ($headerRow[$col] ?? ''));
}
$resultRows = collect();
for ($i = 1; $i < count($rowsData); $i++) {
$row = $rowsData[$i];
$assoc = [];
$hasValue = false;
foreach ($orderedColumns as $idx => $col) {
$header = $headers[$idx] ?? '';
if ($header === '') {
continue;
}
$value = (string) ($row[$col] ?? '');
if (trim($value) !== '') {
$hasValue = true;
}
$assoc[$header] = $value;
}
if ($hasValue) {
$resultRows->push($assoc);
}
}
return $resultRows;
}
private function resolveRoleIds(array $row): array
{
$roleIdsRaw = trim((string) ($row['role_ids'] ?? ''));
if ($roleIdsRaw !== '') {
return collect(explode(',', $roleIdsRaw))
->map(fn ($id) => (int) trim($id))
->filter(fn (int $id): bool => $id > 0 && Role::query()->where('id', $id)->exists())
->values()
->all();
}
$roleNamesRaw = trim((string) ($row['roles'] ?? $row['role_names'] ?? ''));
if ($roleNamesRaw === '') {
return [];
}
$names = collect(explode(',', $roleNamesRaw))
->map(fn ($name) => trim($name))
->filter()
->values()
->all();
if (empty($names)) {
return [];
}
return Role::query()
->whereIn('name', $names)
->pluck('id')
->map(fn (int $id): int => (int) $id)
->all();
}
private function normalizeImportHeader(string $header): string
{
$normalized = trim($this->toUtf8($header));
$normalized = preg_replace('/^\xEF\xBB\xBF/u', '', $normalized) ?? $normalized;
$normalized = strtolower(str_replace([' ', '-', '.'], '_', trim($normalized)));
return match ($normalized) {
'昵称', '用户名', '姓名', 'name', 'nick_name' => 'nickname',
'邮箱', '邮件', 'mail' => 'email',
'手机号', '手机', '电话', 'mobile' => 'phone',
'密码', 'passwd', 'pwd' => 'password',
'角色id', '角色ids', 'role_id', '角色_id' => 'role_ids',
'角色', '角色名', 'role_name', 'role_names' => 'roles',
default => $normalized,
};
}
private function toUtf8(string $value): string
{
if ($value === '' || mb_check_encoding($value, 'UTF-8')) {
return $value;
}
return mb_convert_encoding($value, 'UTF-8', 'UTF-8,GB18030,GBK,Big5,ISO-8859-1');
}
/**
* @param array<string, string> $row
* @param array<int, string> $aliases
*/
private function firstMatchedValue(array $row, array $aliases): string
{
foreach ($aliases as $alias) {
$key = $this->normalizeImportHeader($alias);
if (array_key_exists($key, $row)) {
return (string) $row[$key];
}
}
return '';
}
private function buildUsersImportTemplateXlsx(string $xlsxPath): void
{
$zip = new \ZipArchive;
if ($zip->open($xlsxPath, \ZipArchive::CREATE | \ZipArchive::OVERWRITE) !== true) {
throw ValidationException::withMessages(['file' => ['无法生成 xlsx 模板文件。']]);
}
$contentTypes = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
.'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
.'<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
.'<Default Extension="xml" ContentType="application/xml"/>'
.'<Override PartName="/xl/workbook.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
.'<Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/>'
.'</Types>';
$rels = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
.'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
.'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="xl/workbook.xml"/>'
.'</Relationships>';
$workbook = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
.'<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
.'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
.'<sheets><sheet name="Users" sheetId="1" r:id="rId1"/></sheets></workbook>';
$workbookRels = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
.'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
.'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" Target="worksheets/sheet1.xml"/>'
.'</Relationships>';
$rows = [
['nickname', 'email', 'phone', 'password', 'role_ids'],
['张三', 'zhangsan@example.com', '13800138000', 'Pass@123456', '1'],
['李四', 'lisi@example.com', '13900139000', 'Pass@123456', '1,2'],
];
$sheetData = '';
foreach ($rows as $rowIndex => $cells) {
$r = $rowIndex + 1;
$sheetData .= '<row r="'.$r.'">';
foreach ($cells as $colIndex => $cellValue) {
$column = chr(ord('A') + $colIndex).$r;
$escapedValue = htmlspecialchars((string) $cellValue, ENT_XML1 | ENT_QUOTES, 'UTF-8');
$sheetData .= '<c r="'.$column.'" t="inlineStr"><is><t>'.$escapedValue.'</t></is></c>';
}
$sheetData .= '</row>';
}
$sheet = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
.'<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"><sheetData>'
.$sheetData
.'</sheetData></worksheet>';
$zip->addFromString('[Content_Types].xml', $contentTypes);
$zip->addFromString('_rels/.rels', $rels);
$zip->addFromString('xl/workbook.xml', $workbook);
$zip->addFromString('xl/_rels/workbook.xml.rels', $workbookRels);
$zip->addFromString('xl/worksheets/sheet1.xml', $sheet);
$zip->close();
}
private function syncServerResourcePermissionsByDirectPermissions(User $user, array $permissionIds): void
{
$resourcePermissions = Permission::query()

1
app/Http/Requests/StoreServerResourceRequest.php
View File

@ -22,6 +22,7 @@ class StoreServerResourceRequest extends FormRequest
'account_id' => ['nullable', 'integer', 'min:1'],
'protocol' => ['nullable', 'string', 'max:64'],
'description' => ['nullable', 'string', 'max:255'],
'allow_copy_temp_password' => ['sometimes', 'boolean'],
'is_active' => ['sometimes', 'boolean'],
];
}

1
app/Http/Requests/UpdateServerResourceRequest.php
View File

@ -22,6 +22,7 @@ class UpdateServerResourceRequest extends FormRequest
'account_id' => ['nullable', 'integer', 'min:1'],
'protocol' => ['nullable', 'string', 'max:64'],
'description' => ['nullable', 'string', 'max:255'],
'allow_copy_temp_password' => ['sometimes', 'boolean'],
'is_active' => ['sometimes', 'boolean'],
];
}

2
app/Models/ServerResource.php
View File

@ -21,6 +21,7 @@ class ServerResource extends Model
'account_id',
'protocols',
'description',
'allow_copy_temp_password',
'is_active',
];
@ -50,6 +51,7 @@ class ServerResource extends Model
{
return [
'protocols' => 'array',
'allow_copy_temp_password' => 'boolean',
'is_active' => 'boolean',
];
}

25
database/migrations/2026_04_30_120000_add_allow_copy_temp_password_to_server_resources_table.php Normal file
View File

@ -0,0 +1,25 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
public function up(): void
{
Schema::table('server_resources', function (Blueprint $table) {
$table->boolean('allow_copy_temp_password')
->default(false)
->after('protocols')
->comment('是否允许用户复制临时密码');
});
}
public function down(): void
{
Schema::table('server_resources', function (Blueprint $table) {
$table->dropColumn('allow_copy_temp_password');
});
}
};