diff --git a/internal/api/msg.go b/internal/api/msg.go index ee1bd98f5..180342e59 100644 --- a/internal/api/msg.go +++ b/internal/api/msg.go @@ -40,13 +40,13 @@ type MessageApi struct { *rpcclient.Message validate *validator.Validate userRpcClient *rpcclient.UserRpcClient - imAdmin *config.IMAdmin + imAdminUserID []string } func NewMessageApi(msgRpcClient *rpcclient.Message, userRpcClient *rpcclient.User, - imAdmin *config.IMAdmin) MessageApi { + imAdminUserID []string) MessageApi { return MessageApi{Message: msgRpcClient, validate: validator.New(), - userRpcClient: rpcclient.NewUserRpcClientByUser(userRpcClient), imAdmin: imAdmin} + userRpcClient: rpcclient.NewUserRpcClientByUser(userRpcClient), imAdminUserID: imAdminUserID} } func (MessageApi) SetOptions(options map[string]bool, value bool) { @@ -204,7 +204,7 @@ func (m *MessageApi) SendMessage(c *gin.Context) { } // Check if the user has the app manager role. - if !authverify.IsAppManagerUid(c, m.imAdmin) { + if !authverify.IsAppManagerUid(c, m.imAdminUserID) { // Respond with a permission error if the user is not an app manager. apiresp.GinError(c, errs.ErrNoPermission.WrapMsg("only app manager can send message")) return @@ -259,7 +259,7 @@ func (m *MessageApi) SendBusinessNotification(c *gin.Context) { return } - if !authverify.IsAppManagerUid(c, m.imAdmin) { + if !authverify.IsAppManagerUid(c, m.imAdminUserID) { apiresp.GinError(c, errs.ErrNoPermission.WrapMsg("only app manager can send message")) return } @@ -302,7 +302,7 @@ func (m *MessageApi) BatchSendMsg(c *gin.Context) { apiresp.GinError(c, errs.ErrArgs.WithDetail(err.Error()).Wrap()) return } - if err := authverify.CheckAdmin(c, m.imAdmin); err != nil { + if err := authverify.CheckAdmin(c, m.imAdminUserID); err != nil { apiresp.GinError(c, errs.ErrNoPermission.WrapMsg("only app manager can send message")) return } diff --git a/internal/api/route.go b/internal/api/route.go index 104afab80..e66e4342a 100644 --- a/internal/api/route.go +++ b/internal/api/route.go @@ -145,7 +145,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, rdb redis.UniversalClie r.Use(gin.Recovery(), mw.CorsHandler(), mw.GinParseOperationID()) // init rpc client here userRpc := rpcclient.NewUser(disCov, config.Share.RpcRegisterName.User, config.Share.RpcRegisterName.MessageGateway, - &config.Share.IMAdmin) + config.Share.IMAdminUserID) groupRpc := rpcclient.NewGroup(disCov, config.Share.RpcRegisterName.Group) friendRpc := rpcclient.NewFriend(disCov, config.Share.RpcRegisterName.Friend) messageRpc := rpcclient.NewMessage(disCov, config.Share.RpcRegisterName.Msg) @@ -154,7 +154,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, rdb redis.UniversalClie thirdRpc := rpcclient.NewThird(disCov, config.Share.RpcRegisterName.Third, config.RpcConfig.Prometheus.GrafanaURL) u := NewUserApi(*userRpc) - m := NewMessageApi(messageRpc, userRpc, &config.Share.IMAdmin) + m := NewMessageApi(messageRpc, userRpc, config.Share.IMAdminUserID) ParseToken := GinParseToken(authRpc) userRouterGroup := r.Group("/user") { diff --git a/internal/msggateway/hub_server.go b/internal/msggateway/hub_server.go index 8d7a9b706..2bea24a70 100644 --- a/internal/msggateway/hub_server.go +++ b/internal/msggateway/hub_server.go @@ -91,7 +91,7 @@ func (s *Server) GetUsersOnlineStatus( ctx context.Context, req *msggateway.GetUsersOnlineStatusReq, ) (*msggateway.GetUsersOnlineStatusResp, error) { - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { return nil, errs.ErrNoPermission.WrapMsg("only app manager") } var resp msggateway.GetUsersOnlineStatusResp diff --git a/internal/msggateway/n_ws_server.go b/internal/msggateway/n_ws_server.go index fc018904d..44c17a6a9 100644 --- a/internal/msggateway/n_ws_server.go +++ b/internal/msggateway/n_ws_server.go @@ -87,7 +87,7 @@ type kickHandler struct { func (ws *WsServer) SetDiscoveryRegistry(disCov discovery.SvcDiscoveryRegistry, config *Config) { ws.MessageHandler = NewGrpcHandler(ws.validate, disCov, &config.Share.RpcRegisterName) - u := rpcclient.NewUserRpcClient(disCov, config.Share.RpcRegisterName.User, &config.Share.IMAdmin) + u := rpcclient.NewUserRpcClient(disCov, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID) ws.userClient = &u ws.disCov = disCov } diff --git a/internal/push/push_to_client.go b/internal/push/push_to_client.go index c5a01b7c9..0e8f826a3 100644 --- a/internal/push/push_to_client.go +++ b/internal/push/push_to_client.go @@ -238,8 +238,8 @@ func (p *Pusher) Push2SuperGroup(ctx context.Context, groupID string, msg *sdkws return err } log.ZDebug(ctx, "GroupDismissedNotificationInfo****", "groupID", groupID, "num", len(pushToUserIDs), "list", pushToUserIDs) - if len(p.config.Share.IMAdmin.UserID) > 0 { - ctx = mcontext.WithOpUserIDContext(ctx, p.config.Share.IMAdmin.UserID[0]) + if len(p.config.Share.IMAdminUserID) > 0 { + ctx = mcontext.WithOpUserIDContext(ctx, p.config.Share.IMAdminUserID[0]) } defer func(groupID string) { if err = p.groupRpcClient.DismissGroup(ctx, groupID); err != nil { diff --git a/internal/rpc/auth/auth.go b/internal/rpc/auth/auth.go index e7c011a8d..83ad46fa9 100644 --- a/internal/rpc/auth/auth.go +++ b/internal/rpc/auth/auth.go @@ -55,7 +55,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg if err != nil { return err } - userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, &config.Share.IMAdmin) + userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID) pbauth.RegisterAuthServer(server, &authServer{ userRpcClient: &userRpcClient, RegisterCenter: client, @@ -88,12 +88,12 @@ func (s *authServer) UserToken(ctx context.Context, req *pbauth.UserTokenReq) (* } func (s *authServer) GetUserToken(ctx context.Context, req *pbauth.GetUserTokenReq) (*pbauth.GetUserTokenResp, error) { - if err := authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { return nil, err } resp := pbauth.GetUserTokenResp{} - if authverify.IsManagerUserID(req.UserID, &s.config.Share.IMAdmin) { + if authverify.IsManagerUserID(req.UserID, s.config.Share.IMAdminUserID) { return nil, errs.ErrNoPermission.WrapMsg("don't get Admin token") } if _, err := s.userRpcClient.GetUserInfo(ctx, req.UserID); err != nil { @@ -149,7 +149,7 @@ func (s *authServer) ParseToken( } func (s *authServer) ForceLogout(ctx context.Context, req *pbauth.ForceLogoutReq) (*pbauth.ForceLogoutResp, error) { - if err := authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { return nil, err } if err := s.forceKickOff(ctx, req.UserID, req.PlatformID, mcontext.GetOperationID(ctx)); err != nil { diff --git a/internal/rpc/conversation/conversaion.go b/internal/rpc/conversation/conversaion.go index 36c1bdd70..d30053398 100644 --- a/internal/rpc/conversation/conversaion.go +++ b/internal/rpc/conversation/conversaion.go @@ -73,7 +73,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg } groupRpcClient := rpcclient.NewGroupRpcClient(client, config.Share.RpcRegisterName.Group) msgRpcClient := rpcclient.NewMessageRpcClient(client, config.Share.RpcRegisterName.Msg) - userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, &config.Share.IMAdmin) + userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID) cache.InitLocalCache(&config.LocalCacheConfig) pbconversation.RegisterConversationServer(server, &conversationServer{ msgRpcClient: &msgRpcClient, diff --git a/internal/rpc/friend/black.go b/internal/rpc/friend/black.go index 591859194..a0b202ffa 100644 --- a/internal/rpc/friend/black.go +++ b/internal/rpc/friend/black.go @@ -68,7 +68,7 @@ func (s *friendServer) RemoveBlack(ctx context.Context, req *pbfriend.RemoveBlac } func (s *friendServer) AddBlack(ctx context.Context, req *pbfriend.AddBlackReq) (*pbfriend.AddBlackResp, error) { - if err := authverify.CheckAccessV3(ctx, req.OwnerUserID, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.OwnerUserID, s.config.Share.IMAdminUserID); err != nil { return nil, err } _, err := s.userRpcClient.GetUsersInfo(ctx, []string{req.OwnerUserID, req.BlackUserID}) diff --git a/internal/rpc/friend/friend.go b/internal/rpc/friend/friend.go index fb7a14276..5ebe288d2 100644 --- a/internal/rpc/friend/friend.go +++ b/internal/rpc/friend/friend.go @@ -85,7 +85,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg } // Initialize RPC clients - userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, &config.Share.IMAdmin) + userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID) msgRpcClient := rpcclient.NewMessageRpcClient(client, config.Share.RpcRegisterName.Msg) // Initialize notification sender @@ -121,7 +121,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg // ok. func (s *friendServer) ApplyToAddFriend(ctx context.Context, req *pbfriend.ApplyToAddFriendReq) (resp *pbfriend.ApplyToAddFriendResp, err error) { resp = &pbfriend.ApplyToAddFriendResp{} - if err := authverify.CheckAccessV3(ctx, req.FromUserID, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.FromUserID, s.config.Share.IMAdminUserID); err != nil { return nil, err } @@ -161,7 +161,7 @@ func (s *friendServer) ApplyToAddFriend(ctx context.Context, req *pbfriend.Apply // ok. func (s *friendServer) ImportFriends(ctx context.Context, req *pbfriend.ImportFriendReq) (resp *pbfriend.ImportFriendResp, err error) { - if err := authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { return nil, err } if _, err := s.userRpcClient.GetUsersInfo(ctx, append([]string{req.OwnerUserID}, req.FriendUserIDs...)); err != nil { @@ -197,7 +197,7 @@ func (s *friendServer) ImportFriends(ctx context.Context, req *pbfriend.ImportFr // ok. func (s *friendServer) RespondFriendApply(ctx context.Context, req *pbfriend.RespondFriendApplyReq) (resp *pbfriend.RespondFriendApplyResp, err error) { resp = &pbfriend.RespondFriendApplyResp{} - if err := authverify.CheckAccessV3(ctx, req.ToUserID, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.ToUserID, s.config.Share.IMAdminUserID); err != nil { return nil, err } diff --git a/internal/rpc/group/group.go b/internal/rpc/group/group.go index b5305378a..44e22a10e 100644 --- a/internal/rpc/group/group.go +++ b/internal/rpc/group/group.go @@ -94,7 +94,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg if err != nil { return err } - userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, &config.Share.IMAdmin) + userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID) msgRpcClient := rpcclient.NewMessageRpcClient(client, config.Share.RpcRegisterName.Msg) conversationRpcClient := rpcclient.NewConversationRpcClient(client, config.Share.RpcRegisterName.Conversation) var gs groupServer @@ -141,7 +141,7 @@ func (s *groupServer) NotificationUserInfoUpdate(ctx context.Context, req *pbgro } func (s *groupServer) CheckGroupAdmin(ctx context.Context, groupID string) error { - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { groupMember, err := s.db.TakeGroupMember(ctx, groupID, mcontext.GetOpUserID(ctx)) if err != nil { return err @@ -206,7 +206,8 @@ func (s *groupServer) CreateGroup(ctx context.Context, req *pbgroup.CreateGroupR if req.OwnerUserID == "" { return nil, errs.ErrArgs.WrapMsg("no group owner") } - if err := authverify.CheckAccessV3(ctx, req.OwnerUserID, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.OwnerUserID, s.config.Share.IMAdminUserID); err != nil { + return nil, err } userIDs := append(append(req.MemberUserIDs, req.AdminUserIDs...), req.OwnerUserID) @@ -338,7 +339,7 @@ func (s *groupServer) CreateGroup(ctx context.Context, req *pbgroup.CreateGroupR } func (s *groupServer) GetJoinedGroupList(ctx context.Context, req *pbgroup.GetJoinedGroupListReq) (*pbgroup.GetJoinedGroupListResp, error) { - if err := authverify.CheckAccessV3(ctx, req.FromUserID, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.FromUserID, s.config.Share.IMAdminUserID); err != nil { return nil, err } total, members, err := s.db.PageGetJoinGroup(ctx, req.FromUserID, req.Pagination) @@ -410,7 +411,7 @@ func (s *groupServer) InviteUserToGroup(ctx context.Context, req *pbgroup.Invite var groupMember *relationtb.GroupMemberModel var opUserID string - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { opUserID = mcontext.GetOpUserID(ctx) var err error groupMember, err = s.db.TakeGroupMember(ctx, req.GroupID, opUserID) @@ -432,7 +433,7 @@ func (s *groupServer) InviteUserToGroup(ctx context.Context, req *pbgroup.Invite } if group.NeedVerification == constant.AllNeedVerification { - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { if !(groupMember.RoleLevel == constant.GroupOwner || groupMember.RoleLevel == constant.GroupAdmin) { var requests []*relationtb.GroupRequestModel for _, userID := range req.InvitedUserIDs { @@ -575,7 +576,7 @@ func (s *groupServer) KickGroupMember(ctx context.Context, req *pbgroup.KickGrou for i, member := range members { memberMap[member.UserID] = members[i] } - isAppManagerUid := authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) + isAppManagerUid := authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) opMember := memberMap[opUserID] for _, userID := range req.KickedUserIDs { member, ok := memberMap[userID] @@ -778,7 +779,7 @@ func (s *groupServer) GroupApplicationResponse(ctx context.Context, req *pbgroup if !datautil.Contain(req.HandleResult, constant.GroupResponseAgree, constant.GroupResponseRefuse) { return nil, errs.ErrArgs.WrapMsg("HandleResult unknown") } - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { groupMember, err := s.db.TakeGroupMember(ctx, req.GroupID, mcontext.GetOpUserID(ctx)) if err != nil { return nil, err @@ -938,7 +939,7 @@ func (s *groupServer) QuitGroup(ctx context.Context, req *pbgroup.QuitGroupReq) if req.UserID == "" { req.UserID = mcontext.GetOpUserID(ctx) } else { - if err := authverify.CheckAccessV3(ctx, req.UserID, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID, s.config.Share.IMAdminUserID); err != nil { return nil, err } } @@ -983,7 +984,7 @@ func (s *groupServer) deleteMemberAndSetConversationSeq(ctx context.Context, gro func (s *groupServer) SetGroupInfo(ctx context.Context, req *pbgroup.SetGroupInfoReq) (*pbgroup.SetGroupInfoResp, error) { var opMember *relationtb.GroupMemberModel - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { var err error opMember, err = s.db.TakeGroupMember(ctx, req.GroupInfoForSet.GroupID, mcontext.GetOpUserID(ctx)) if err != nil { @@ -1109,7 +1110,7 @@ func (s *groupServer) TransferGroupOwner(ctx context.Context, req *pbgroup.Trans if newOwner == nil { return nil, errs.ErrArgs.WrapMsg("NewOwnerUser not in group " + req.NewOwnerUserID) } - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { if !(mcontext.GetOpUserID(ctx) == oldOwner.UserID && oldOwner.RoleLevel == constant.GroupOwner) { return nil, errs.ErrNoPermission.WrapMsg("no permission transfer group owner") } @@ -1248,7 +1249,7 @@ func (s *groupServer) DismissGroup(ctx context.Context, req *pbgroup.DismissGrou if err != nil { return nil, err } - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { if owner.UserID != mcontext.GetOpUserID(ctx) { return nil, errs.ErrNoPermission.WrapMsg("not group owner") } @@ -1311,7 +1312,7 @@ func (s *groupServer) MuteGroupMember(ctx context.Context, req *pbgroup.MuteGrou if err := s.PopulateGroupMember(ctx, member); err != nil { return nil, err } - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { opMember, err := s.db.TakeGroupMember(ctx, req.GroupID, mcontext.GetOpUserID(ctx)) if err != nil { return nil, err @@ -1345,7 +1346,7 @@ func (s *groupServer) CancelMuteGroupMember(ctx context.Context, req *pbgroup.Ca if err := s.PopulateGroupMember(ctx, member); err != nil { return nil, err } - if !authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) { opMember, err := s.db.TakeGroupMember(ctx, req.GroupID, mcontext.GetOpUserID(ctx)) if err != nil { return nil, err @@ -1401,7 +1402,7 @@ func (s *groupServer) SetGroupMemberInfo(ctx context.Context, req *pbgroup.SetGr if opUserID == "" { return nil, errs.ErrNoPermission.WrapMsg("no op user id") } - isAppManagerUid := authverify.IsAppManagerUid(ctx, &s.config.Share.IMAdmin) + isAppManagerUid := authverify.IsAppManagerUid(ctx, s.config.Share.IMAdminUserID) for i := range req.Members { req.Members[i].FaceURL = nil } diff --git a/internal/rpc/group/notification.go b/internal/rpc/group/notification.go index 97a08310e..973dc1f3c 100644 --- a/internal/rpc/group/notification.go +++ b/internal/rpc/group/notification.go @@ -248,7 +248,7 @@ func (g *GroupNotificationSender) fillOpUser(ctx context.Context, opUser **sdkws } userID := mcontext.GetOpUserID(ctx) if groupID != "" { - if authverify.IsManagerUserID(userID, &g.config.Share.IMAdmin) { + if authverify.IsManagerUserID(userID, g.config.Share.IMAdminUserID) { *opUser = &sdkws.GroupMemberFullInfo{ GroupID: groupID, UserID: userID, diff --git a/internal/rpc/msg/delete.go b/internal/rpc/msg/delete.go index 708696e70..3f09d4225 100644 --- a/internal/rpc/msg/delete.go +++ b/internal/rpc/msg/delete.go @@ -42,7 +42,7 @@ func (m *msgServer) validateDeleteSyncOpt(opt *msg.DeleteSyncOpt) (isSyncSelf, i } func (m *msgServer) ClearConversationsMsg(ctx context.Context, req *msg.ClearConversationsMsgReq) (*msg.ClearConversationsMsgResp, error) { - if err := authverify.CheckAccessV3(ctx, req.UserID, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID, m.config.Share.IMAdminUserID); err != nil { return nil, err } if err := m.clearConversation(ctx, req.ConversationIDs, req.UserID, req.DeleteSyncOpt); err != nil { @@ -52,7 +52,7 @@ func (m *msgServer) ClearConversationsMsg(ctx context.Context, req *msg.ClearCon } func (m *msgServer) UserClearAllMsg(ctx context.Context, req *msg.UserClearAllMsgReq) (*msg.UserClearAllMsgResp, error) { - if err := authverify.CheckAccessV3(ctx, req.UserID, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID, m.config.Share.IMAdminUserID); err != nil { return nil, err } conversationIDs, err := m.ConversationLocalCache.GetConversationIDs(ctx, req.UserID) @@ -66,7 +66,7 @@ func (m *msgServer) UserClearAllMsg(ctx context.Context, req *msg.UserClearAllMs } func (m *msgServer) DeleteMsgs(ctx context.Context, req *msg.DeleteMsgsReq) (*msg.DeleteMsgsResp, error) { - if err := authverify.CheckAccessV3(ctx, req.UserID, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID, m.config.Share.IMAdminUserID); err != nil { return nil, err } isSyncSelf, isSyncOther := m.validateDeleteSyncOpt(req.DeleteSyncOpt) @@ -108,7 +108,7 @@ func (m *msgServer) DeleteMsgPhysicalBySeq(ctx context.Context, req *msg.DeleteM } func (m *msgServer) DeleteMsgPhysical(ctx context.Context, req *msg.DeleteMsgPhysicalReq) (*msg.DeleteMsgPhysicalResp, error) { - if err := authverify.CheckAdmin(ctx, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, m.config.Share.IMAdminUserID); err != nil { return nil, err } remainTime := timeutil.GetCurrentTimestampBySecond() - req.Timestamp diff --git a/internal/rpc/msg/revoke.go b/internal/rpc/msg/revoke.go index 9dc164ab6..f6be0722f 100644 --- a/internal/rpc/msg/revoke.go +++ b/internal/rpc/msg/revoke.go @@ -41,7 +41,7 @@ func (m *msgServer) RevokeMsg(ctx context.Context, req *msg.RevokeMsgReq) (*msg. if req.Seq < 0 { return nil, errs.ErrArgs.WrapMsg("seq is invalid") } - if err := authverify.CheckAccessV3(ctx, req.UserID, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID, m.config.Share.IMAdminUserID); err != nil { return nil, err } user, err := m.UserLocalCache.GetUserInfo(ctx, req.UserID) @@ -62,10 +62,10 @@ func (m *msgServer) RevokeMsg(ctx context.Context, req *msg.RevokeMsgReq) (*msg. data, _ := json.Marshal(msgs[0]) log.ZDebug(ctx, "GetMsgBySeqs", "conversationID", req.ConversationID, "seq", req.Seq, "msg", string(data)) var role int32 - if !authverify.IsAppManagerUid(ctx, &m.config.Share.IMAdmin) { + if !authverify.IsAppManagerUid(ctx, m.config.Share.IMAdminUserID) { switch msgs[0].SessionType { case constant.SingleChatType: - if err := authverify.CheckAccessV3(ctx, msgs[0].SendID, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, msgs[0].SendID, m.config.Share.IMAdminUserID); err != nil { return nil, err } role = user.AppMangerLevel @@ -104,8 +104,9 @@ func (m *msgServer) RevokeMsg(ctx context.Context, req *msg.RevokeMsgReq) (*msg. } revokerUserID := mcontext.GetOpUserID(ctx) var flag bool - if len(m.config.Share.IMAdmin.UserID) > 0 { - flag = datautil.Contain(revokerUserID, m.config.Share.IMAdmin.UserID...) + + if len(m.config.Share.IMAdminUserID) > 0 { + flag = datautil.Contain(revokerUserID, m.config.Share.IMAdminUserID...) } tips := sdkws.RevokeMsgTips{ RevokerUserID: revokerUserID, diff --git a/internal/rpc/msg/server.go b/internal/rpc/msg/server.go index 308466783..1ccc493ac 100644 --- a/internal/rpc/msg/server.go +++ b/internal/rpc/msg/server.go @@ -85,7 +85,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg msgModel := cache.NewMsgCache(rdb, 86400, config.RedisConfig.EnablePipeline) seqModel := cache.NewSeqCache(rdb) conversationClient := rpcclient.NewConversationRpcClient(client, config.Share.RpcRegisterName.Conversation) - userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, &config.Share.IMAdmin) + userRpcClient := rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID) groupRpcClient := rpcclient.NewGroupRpcClient(client, config.Share.RpcRegisterName.Group) friendRpcClient := rpcclient.NewFriendRpcClient(client, config.Share.RpcRegisterName.Friend) msgDatabase, err := controller.NewCommonMsgDatabase(msgDocModel, msgModel, seqModel, &config.KafkaConfig) diff --git a/internal/rpc/msg/sync_msg.go b/internal/rpc/msg/sync_msg.go index 5fc2a568c..af04102e6 100644 --- a/internal/rpc/msg/sync_msg.go +++ b/internal/rpc/msg/sync_msg.go @@ -87,7 +87,7 @@ func (m *msgServer) PullMessageBySeqs(ctx context.Context, req *sdkws.PullMessag } func (m *msgServer) GetMaxSeq(ctx context.Context, req *sdkws.GetMaxSeqReq) (*sdkws.GetMaxSeqResp, error) { - if err := authverify.CheckAccessV3(ctx, req.UserID, &m.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID, m.config.Share.IMAdminUserID); err != nil { return nil, err } conversationIDs, err := m.ConversationLocalCache.GetConversationIDs(ctx, req.UserID) diff --git a/internal/rpc/msg/verify.go b/internal/rpc/msg/verify.go index 86b8cb372..30b6af85f 100644 --- a/internal/rpc/msg/verify.go +++ b/internal/rpc/msg/verify.go @@ -52,7 +52,7 @@ type MessageRevoked struct { func (m *msgServer) messageVerification(ctx context.Context, data *msg.SendMsgReq) error { switch data.MsgData.SessionType { case constant.SingleChatType: - if datautil.Contain(data.MsgData.SendID, m.config.Share.IMAdmin.UserID...) { + if datautil.Contain(data.MsgData.SendID, m.config.Share.IMAdminUserID...) { return nil } if data.MsgData.ContentType <= constant.NotificationEnd && @@ -90,7 +90,7 @@ func (m *msgServer) messageVerification(ctx context.Context, data *msg.SendMsgRe return nil } - if datautil.Contain(data.MsgData.SendID, m.config.Share.IMAdmin.UserID...) { + if datautil.Contain(data.MsgData.SendID, m.config.Share.IMAdminUserID...) { return nil } if data.MsgData.ContentType <= constant.NotificationEnd && diff --git a/internal/rpc/third/log.go b/internal/rpc/third/log.go index 40c660c6b..7712851ed 100644 --- a/internal/rpc/third/log.go +++ b/internal/rpc/third/log.go @@ -82,7 +82,7 @@ func (t *thirdServer) UploadLogs(ctx context.Context, req *third.UploadLogsReq) } func (t *thirdServer) DeleteLogs(ctx context.Context, req *third.DeleteLogsReq) (*third.DeleteLogsResp, error) { - if err := authverify.CheckAdmin(ctx, &t.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, t.config.Share.IMAdminUserID); err != nil { return nil, err } userID := "" @@ -123,7 +123,7 @@ func dbToPbLogInfos(logs []*relationtb.LogModel) []*third.LogInfo { } func (t *thirdServer) SearchLogs(ctx context.Context, req *third.SearchLogsReq) (*third.SearchLogsResp, error) { - if err := authverify.CheckAdmin(ctx, &t.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, t.config.Share.IMAdminUserID); err != nil { return nil, err } var ( diff --git a/internal/rpc/third/third.go b/internal/rpc/third/third.go index d4db46f26..ad87fa6f5 100644 --- a/internal/rpc/third/third.go +++ b/internal/rpc/third/third.go @@ -105,7 +105,7 @@ func Start(ctx context.Context, config *Config, client discovery.SvcDiscoveryReg third.RegisterThirdServer(server, &thirdServer{ apiURL: apiURL, thirdDatabase: controller.NewThirdDatabase(cache.NewThirdCache(rdb), logdb), - userRpcClient: rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, &config.Share.IMAdmin), + userRpcClient: rpcclient.NewUserRpcClient(client, config.Share.RpcRegisterName.User, config.Share.IMAdminUserID), s3dataBase: controller.NewS3Database(rdb, o, s3db), defaultExpire: time.Hour * 24 * 7, config: config, diff --git a/internal/rpc/third/tool.go b/internal/rpc/third/tool.go index 57acda0bb..ac4be3968 100644 --- a/internal/rpc/third/tool.go +++ b/internal/rpc/third/tool.go @@ -54,7 +54,7 @@ func (t *thirdServer) checkUploadName(ctx context.Context, name string) error { if opUserID == "" { return errs.ErrNoPermission.WrapMsg("opUserID is empty") } - if !authverify.IsManagerUserID(opUserID, &t.config.Share.IMAdmin) { + if !authverify.IsManagerUserID(opUserID, t.config.Share.IMAdminUserID) { if !strings.HasPrefix(name, opUserID+"/") { return errs.ErrNoPermission.WrapMsg(fmt.Sprintf("name must start with `%s/`", opUserID)) } @@ -80,5 +80,5 @@ func checkValidObjectName(objectName string) error { } func (t *thirdServer) IsManagerUserID(opUserID string) bool { - return authverify.IsManagerUserID(opUserID, &t.config.Share.IMAdmin) + return authverify.IsManagerUserID(opUserID, t.config.Share.IMAdminUserID) } diff --git a/internal/rpc/user/user.go b/internal/rpc/user/user.go index ebe2d5e65..712de03cf 100644 --- a/internal/rpc/user/user.go +++ b/internal/rpc/user/user.go @@ -76,11 +76,9 @@ func Start(ctx context.Context, config *Config, client registry.SvcDiscoveryRegi return err } users := make([]*tablerelation.UserModel, 0) - if len(config.Share.IMAdmin.UserID) != len(config.Share.IMAdmin.Nickname) { - return errs.New("the count of ImAdmin.UserID is not equal to the count of ImAdmin.Nickname").Wrap() - } - for k, v := range config.Share.IMAdmin.UserID { - users = append(users, &tablerelation.UserModel{UserID: v, Nickname: config.Share.IMAdmin.Nickname[k], AppMangerLevel: constant.AppNotificationAdmin}) + + for _, v := range config.Share.IMAdminUserID { + users = append(users, &tablerelation.UserModel{UserID: v, Nickname: v, AppMangerLevel: constant.AppNotificationAdmin}) } userDB, err := mgo.NewUserMongo(mgocli.GetDB()) if err != nil { @@ -118,7 +116,7 @@ func (s *userServer) GetDesignateUsers(ctx context.Context, req *pbuser.GetDesig func (s *userServer) UpdateUserInfo(ctx context.Context, req *pbuser.UpdateUserInfoReq) (resp *pbuser.UpdateUserInfoResp, err error) { resp = &pbuser.UpdateUserInfoResp{} - err = authverify.CheckAccessV3(ctx, req.UserInfo.UserID, &s.config.Share.IMAdmin) + err = authverify.CheckAccessV3(ctx, req.UserInfo.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -152,7 +150,7 @@ func (s *userServer) UpdateUserInfo(ctx context.Context, req *pbuser.UpdateUserI } func (s *userServer) UpdateUserInfoEx(ctx context.Context, req *pbuser.UpdateUserInfoExReq) (resp *pbuser.UpdateUserInfoExResp, err error) { resp = &pbuser.UpdateUserInfoExResp{} - err = authverify.CheckAccessV3(ctx, req.UserInfo.UserID, &s.config.Share.IMAdmin) + err = authverify.CheckAccessV3(ctx, req.UserInfo.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -204,7 +202,7 @@ func (s *userServer) AccountCheck(ctx context.Context, req *pbuser.AccountCheckR if datautil.Duplicate(req.CheckUserIDs) { return nil, errs.ErrArgs.WrapMsg("userID repeated") } - err = authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin) + err = authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -390,7 +388,7 @@ func (s *userServer) GetSubscribeUsersStatus(ctx context.Context, // ProcessUserCommandAdd user general function add. func (s *userServer) ProcessUserCommandAdd(ctx context.Context, req *pbuser.ProcessUserCommandAddReq) (*pbuser.ProcessUserCommandAddResp, error) { - err := authverify.CheckAccessV3(ctx, req.UserID, &s.config.Share.IMAdmin) + err := authverify.CheckAccessV3(ctx, req.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -421,7 +419,7 @@ func (s *userServer) ProcessUserCommandAdd(ctx context.Context, req *pbuser.Proc // ProcessUserCommandDelete user general function delete. func (s *userServer) ProcessUserCommandDelete(ctx context.Context, req *pbuser.ProcessUserCommandDeleteReq) (*pbuser.ProcessUserCommandDeleteResp, error) { - err := authverify.CheckAccessV3(ctx, req.UserID, &s.config.Share.IMAdmin) + err := authverify.CheckAccessV3(ctx, req.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -444,7 +442,7 @@ func (s *userServer) ProcessUserCommandDelete(ctx context.Context, req *pbuser.P // ProcessUserCommandUpdate user general function update. func (s *userServer) ProcessUserCommandUpdate(ctx context.Context, req *pbuser.ProcessUserCommandUpdateReq) (*pbuser.ProcessUserCommandUpdateResp, error) { - err := authverify.CheckAccessV3(ctx, req.UserID, &s.config.Share.IMAdmin) + err := authverify.CheckAccessV3(ctx, req.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -476,7 +474,7 @@ func (s *userServer) ProcessUserCommandUpdate(ctx context.Context, req *pbuser.P func (s *userServer) ProcessUserCommandGet(ctx context.Context, req *pbuser.ProcessUserCommandGetReq) (*pbuser.ProcessUserCommandGetResp, error) { - err := authverify.CheckAccessV3(ctx, req.UserID, &s.config.Share.IMAdmin) + err := authverify.CheckAccessV3(ctx, req.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -505,7 +503,7 @@ func (s *userServer) ProcessUserCommandGet(ctx context.Context, req *pbuser.Proc } func (s *userServer) ProcessUserCommandGetAll(ctx context.Context, req *pbuser.ProcessUserCommandGetAllReq) (*pbuser.ProcessUserCommandGetAllResp, error) { - err := authverify.CheckAccessV3(ctx, req.UserID, &s.config.Share.IMAdmin) + err := authverify.CheckAccessV3(ctx, req.UserID, s.config.Share.IMAdminUserID) if err != nil { return nil, err } @@ -534,7 +532,7 @@ func (s *userServer) ProcessUserCommandGetAll(ctx context.Context, req *pbuser.P } func (s *userServer) AddNotificationAccount(ctx context.Context, req *pbuser.AddNotificationAccountReq) (*pbuser.AddNotificationAccountResp, error) { - if err := authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { return nil, err } @@ -577,7 +575,7 @@ func (s *userServer) AddNotificationAccount(ctx context.Context, req *pbuser.Add } func (s *userServer) UpdateNotificationAccountInfo(ctx context.Context, req *pbuser.UpdateNotificationAccountInfoReq) (*pbuser.UpdateNotificationAccountInfoResp, error) { - if err := authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { return nil, err } @@ -604,7 +602,7 @@ func (s *userServer) UpdateNotificationAccountInfo(ctx context.Context, req *pbu func (s *userServer) SearchNotificationAccount(ctx context.Context, req *pbuser.SearchNotificationAccountReq) (*pbuser.SearchNotificationAccountResp, error) { // Check if user is an admin - if err := authverify.CheckAdmin(ctx, &s.config.Share.IMAdmin); err != nil { + if err := authverify.CheckAdmin(ctx, s.config.Share.IMAdminUserID); err != nil { return nil, err } @@ -678,7 +676,7 @@ func (s *userServer) userModelToResp(users []*relation.UserModel, pagination pag accounts := make([]*pbuser.NotificationAccountInfo, 0) var total int64 for _, v := range users { - if v.AppMangerLevel == constant.AppNotificationAdmin && !datautil.Contain(v.UserID, s.config.Share.IMAdmin.UserID...) { + if v.AppMangerLevel == constant.AppNotificationAdmin && !datautil.Contain(v.UserID, s.config.Share.IMAdminUserID...) { temp := &pbuser.NotificationAccountInfo{ UserID: v.UserID, FaceURL: v.FaceURL, diff --git a/pkg/authverify/token.go b/pkg/authverify/token.go index 95e7588ec..5eedf5eed 100644 --- a/pkg/authverify/token.go +++ b/pkg/authverify/token.go @@ -19,7 +19,6 @@ import ( "fmt" "github.com/golang-jwt/jwt/v4" - "github.com/openimsdk/open-im-server/v3/pkg/common/config" "github.com/openimsdk/open-im-server/v3/pkg/common/servererrs" "github.com/openimsdk/tools/mcontext" "github.com/openimsdk/tools/tokenverify" @@ -32,9 +31,9 @@ func Secret(secret string) jwt.Keyfunc { } } -func CheckAccessV3(ctx context.Context, ownerUserID string, imAdmin *config.IMAdmin) (err error) { +func CheckAccessV3(ctx context.Context, ownerUserID string, imAdminUserID []string) (err error) { opUserID := mcontext.GetOpUserID(ctx) - if datautil.Contain(opUserID, imAdmin.UserID...) { + if datautil.Contain(opUserID, imAdminUserID...) { return nil } if opUserID == ownerUserID { @@ -43,20 +42,20 @@ func CheckAccessV3(ctx context.Context, ownerUserID string, imAdmin *config.IMAd return servererrs.ErrNoPermission.WrapMsg("ownerUserID", ownerUserID) } -func IsAppManagerUid(ctx context.Context, imAdmin *config.IMAdmin) bool { - return datautil.Contain(mcontext.GetOpUserID(ctx), imAdmin.UserID...) +func IsAppManagerUid(ctx context.Context, imAdminUserID []string) bool { + return datautil.Contain(mcontext.GetOpUserID(ctx), imAdminUserID...) } -func CheckAdmin(ctx context.Context, imAdmin *config.IMAdmin) error { +func CheckAdmin(ctx context.Context, imAdminUserID []string) error { - if datautil.Contain(mcontext.GetOpUserID(ctx), imAdmin.UserID...) { + if datautil.Contain(mcontext.GetOpUserID(ctx), imAdminUserID...) { return nil } return servererrs.ErrNoPermission.WrapMsg(fmt.Sprintf("user %s is not admin userID", mcontext.GetOpUserID(ctx))) } -func IsManagerUserID(opUserID string, imAdmin *config.IMAdmin) bool { - return datautil.Contain(opUserID, imAdmin.UserID...) +func IsManagerUserID(opUserID string, imAdminUserID []string) bool { + return datautil.Contain(opUserID, imAdminUserID...) } func WsVerifyToken(token, userID, secret string, platformID int) error { diff --git a/pkg/common/config/config.go b/pkg/common/config/config.go index c6ad00a3d..7bee2818a 100644 --- a/pkg/common/config/config.go +++ b/pkg/common/config/config.go @@ -377,11 +377,6 @@ func (r *RpcRegisterName) GetServiceNames() []string { } } -type IMAdmin struct { - UserID []string `mapstructure:"userID"` - Nickname []string `mapstructure:"nickname"` -} - type Webhooks struct { URL string `mapstructure:"url"` BeforeSendSingleMsg WebhookConfig `mapstructure:"beforeSendSingleMsg"` diff --git a/pkg/rpcclient/user.go b/pkg/rpcclient/user.go index cec8b5305..aab96603e 100644 --- a/pkg/rpcclient/user.go +++ b/pkg/rpcclient/user.go @@ -19,7 +19,6 @@ import ( "strings" "github.com/openimsdk/open-im-server/v3/pkg/authverify" - "github.com/openimsdk/open-im-server/v3/pkg/common/config" "github.com/openimsdk/open-im-server/v3/pkg/common/servererrs" "github.com/openimsdk/protocol/sdkws" "github.com/openimsdk/protocol/user" @@ -35,12 +34,12 @@ type User struct { Client user.UserClient Discov discovery.SvcDiscoveryRegistry MessageGateWayRpcName string - imAdmin *config.IMAdmin + imAdminUserID []string } // NewUser initializes and returns a User instance based on the provided service discovery registry. func NewUser(discov discovery.SvcDiscoveryRegistry, rpcRegisterName, messageGateWayRpcName string, - imAdmin *config.IMAdmin) *User { + imAdminUserID []string) *User { conn, err := discov.GetConn(context.Background(), rpcRegisterName) if err != nil { program.ExitWithError(err) @@ -49,7 +48,7 @@ func NewUser(discov discovery.SvcDiscoveryRegistry, rpcRegisterName, messageGate return &User{Discov: discov, Client: client, conn: conn, MessageGateWayRpcName: messageGateWayRpcName, - imAdmin: imAdmin} + imAdminUserID: imAdminUserID} } // UserRpcClient represents the structure for a User RPC client. @@ -63,8 +62,8 @@ func NewUserRpcClientByUser(user *User) *UserRpcClient { // NewUserRpcClient initializes a UserRpcClient based on the provided service discovery registry. func NewUserRpcClient(client discovery.SvcDiscoveryRegistry, rpcRegisterName string, - imAdmin *config.IMAdmin) UserRpcClient { - return UserRpcClient(*NewUser(client, rpcRegisterName, "", imAdmin)) + imAdminUserID []string) UserRpcClient { + return UserRpcClient(*NewUser(client, rpcRegisterName, "", imAdminUserID)) } // GetUsersInfo retrieves information for multiple users based on their user IDs. @@ -167,7 +166,7 @@ func (u *UserRpcClient) Access(ctx context.Context, ownerUserID string) error { if err != nil { return err } - return authverify.CheckAccessV3(ctx, ownerUserID, u.imAdmin) + return authverify.CheckAccessV3(ctx, ownerUserID, u.imAdminUserID) } // GetAllUserIDs retrieves all user IDs with pagination options.