#!/usr/bin/env bash set -euo pipefail # 统一通过 API 新链路管理全局黑名单(按 userID) # # 用法: # 1) 添加 # ./scripts/global_blacklist_api.sh add "user001,user002" [reason] # # 2) 删除 # ./scripts/global_blacklist_api.sh remove "user001,user002" # # 3) 查询 # ./scripts/global_blacklist_api.sh list [pageNumber] [showNumber] # # 环境变量(可覆盖): # OPENIM_API_ADDR 默认: http://127.0.0.1:10002 # ADMIN_TOKEN 管理员 token(如未提供则自动调用 /auth/get_admin_token 获取) # OPENIM_SECRET 获取管理员 token 所需 secret,默认: openIM123 # ADMIN_USER_ID 获取管理员 token 所需 userID,默认: imAdmin OPENIM_API_ADDR="${OPENIM_API_ADDR:-http://127.0.0.1:10002}" ADMIN_TOKEN="${ADMIN_TOKEN:-}" OPENIM_SECRET="${OPENIM_SECRET:-openIM123}" ADMIN_USER_ID="${ADMIN_USER_ID:-imAdmin}" OPERATION_ID="${OPERATION_ID:-gb_$(date +%s)_$RANDOM}" ACTION="${1:-}" USERIDS_RAW="${2:-}" REASON="${3:-manual_by_api_script}" PAGE_NUMBER="${2:-1}" SHOW_NUMBER="${3:-20}" die() { echo "ERROR: $*" >&2 exit 1 } trim() { local s="$1" s="${s#"${s%%[![:space:]]*}"}" s="${s%"${s##*[![:space:]]}"}" printf '%s' "$s" } userids_csv_to_json_array() { local csv="$1" local arr_json="[" local first=1 local item IFS=',' read -r -a _items <<< "$csv" for item in "${_items[@]}"; do item="$(trim "$item")" [[ -z "$item" ]] && continue if [[ $first -eq 1 ]]; then arr_json="${arr_json}\"${item}\"" first=0 else arr_json="${arr_json},\"${item}\"" fi done arr_json="${arr_json}]" if [[ "$arr_json" == "[]" ]]; then die "userIDs 为空,请传入逗号分隔的 userID,如 \"user001,user002\"" fi printf '%s' "$arr_json" } get_admin_token() { local uid body resp token last_resp local -a candidates=("${ADMIN_USER_ID}" "openIM123456" "imAdmin") last_resp="" for uid in "${candidates[@]}"; do body="{\"secret\":\"${OPENIM_SECRET}\",\"userID\":\"${uid}\"}" resp="$(curl -sS -X POST "${OPENIM_API_ADDR}/auth/get_admin_token" \ -H "Content-Type: application/json" \ -H "operationID: ${OPERATION_ID}" \ -d "$body")" last_resp="$resp" token="$(python3 - <<'PY' "$resp" import json import sys raw = sys.argv[1] try: obj = json.loads(raw) except Exception: print("") raise SystemExit(0) token = "" if isinstance(obj, dict): data = obj.get("data") if isinstance(data, dict): token = data.get("token") or data.get("Token") or "" if not token: token = obj.get("token") or obj.get("Token") or "" print(token) PY )" if [[ -n "$token" ]]; then echo "自动获取管理员 token 成功,userID=${uid}" >&2 printf '%s' "$token" return 0 fi done echo "get_admin_token raw response: $last_resp" >&2 die "自动获取管理员 token 失败,请检查 OPENIM_API_ADDR/OPENIM_SECRET/ADMIN_USER_ID(当前: ${ADMIN_USER_ID}),或直接设置 ADMIN_TOKEN" } call_api() { local path="$1" local body="$2" local token="$3" curl -sS -X POST "${OPENIM_API_ADDR}${path}" \ -H "Content-Type: application/json" \ -H "operationID: ${OPERATION_ID}" \ -H "token: ${token}" \ -d "$body" } if [[ -z "$ACTION" ]]; then cat <<'EOF' 用法: 添加: ./scripts/global_blacklist_api.sh add "user001,user002" [reason] 删除: ./scripts/global_blacklist_api.sh remove "user001,user002" 查询: ./scripts/global_blacklist_api.sh list [pageNumber] [showNumber] EOF exit 1 fi if [[ -z "$ADMIN_TOKEN" ]]; then echo "ADMIN_TOKEN 未设置,尝试自动获取管理员 token..." ADMIN_TOKEN="$(get_admin_token)" fi case "$ACTION" in add) [[ -z "$USERIDS_RAW" ]] && die "add 需要 userIDs 参数" USERIDS_JSON="$(userids_csv_to_json_array "$USERIDS_RAW")" BODY="{\"userIDs\":${USERIDS_JSON},\"reason\":\"${REASON}\"}" echo ">>> POST /user/add_global_blacklist" call_api "/user/add_global_blacklist" "$BODY" "$ADMIN_TOKEN" ;; remove) [[ -z "$USERIDS_RAW" ]] && die "remove 需要 userIDs 参数" USERIDS_JSON="$(userids_csv_to_json_array "$USERIDS_RAW")" BODY="{\"userIDs\":${USERIDS_JSON}}" echo ">>> POST /user/remove_global_blacklist" call_api "/user/remove_global_blacklist" "$BODY" "$ADMIN_TOKEN" ;; list) BODY="{\"pagination\":{\"pageNumber\":${PAGE_NUMBER},\"showNumber\":${SHOW_NUMBER}}}" echo ">>> POST /user/get_global_blacklist" call_api "/user/get_global_blacklist" "$BODY" "$ADMIN_TOKEN" ;; *) die "不支持的 action: ${ACTION}(仅支持 add/remove/list)" ;; esac echo