bios_iam/basic/serv/
iam_platform_serv.rs1use bios_basic::rbum::serv::rbum_crud_serv::RbumCrudOperation;
2use tardis::basic::dto::TardisContext;
3
4use tardis::basic::result::TardisResult;
5use tardis::{TardisFuns, TardisFunsInst};
6
7use crate::basic::dto::iam_cert_conf_dto::{IamCertConfMailVCodeAddOrModifyReq, IamCertConfPhoneVCodeAddOrModifyReq, IamCertConfTokenModifyReq};
8use crate::basic::dto::iam_filer_dto::IamConfigFilterReq;
9use crate::basic::dto::iam_platform_dto::{IamPlatformConfigReq, IamPlatformConfigResp};
10use crate::basic::serv::iam_cert_mail_vcode_serv::IamCertMailVCodeServ;
11use crate::basic::serv::iam_cert_phone_vcode_serv::IamCertPhoneVCodeServ;
12use crate::basic::serv::iam_cert_serv::IamCertServ;
13
14use crate::iam_config::IamConfig;
15use crate::iam_enumeration::{IamCertKernelKind, IamCertTokenKind};
16
17use super::clients::iam_log_client::{IamLogClient, LogParamTag};
18use super::iam_cert_token_serv::IamCertTokenServ;
19use super::iam_cert_user_pwd_serv::IamCertUserPwdServ;
20use super::iam_config_serv::IamConfigServ;
21
/// Stateless service that reads and changes the platform-level IAM configuration.
///
/// Every lookup and write below passes an empty string where the callee takes a
/// related-item id (`rel_item_id` in the config filter).
/// NOTE(review): presumably the empty id denotes platform scope; confirm against the callees.
///
/// NOTE(review): neither method performs a permission check of its own. Both touch
/// authentication policy, so the caller is presumably responsible for authorisation; confirm.
pub struct IamPlatformServ;

impl IamPlatformServ {
    /// Applies the parts of `modify_req` that are set and leaves the rest untouched.
    ///
    /// Steps, in order:
    /// 1. Return `Ok(())` immediately when no field of the request is set.
    /// 2. Queue a `SecurityAlarm` log task for a phone and/or mail verification-code change.
    /// 3. Load the current cert confs once and use them to resolve conf ids by kind.
    /// 4. Apply the user/password, phone, mail, token and generic config changes.
    ///
    /// # Errors
    ///
    /// Propagates the first error returned by the cert-conf lookup or by any of the
    /// modify / disable / add-or-enable / batch calls. Failures of the log task are ignored.
    ///
    /// NOTE(review): several independent writes are issued and no transaction is opened here,
    /// so a failure midway leaves the earlier writes in place unless the caller wraps `funs`
    /// in a transaction; confirm.
    pub async fn modify_platform_config_agg(modify_req: &IamPlatformConfigReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
        let has_change = modify_req.cert_conf_by_user_pwd.is_some()
            || modify_req.cert_conf_by_phone_vcode.is_some()
            || modify_req.cert_conf_by_mail_vcode.is_some()
            || modify_req.token_default_coexist_num.is_some()
            || modify_req.config.is_some();
        if !has_change {
            return Ok(());
        }

        // Audit trail. Points a reviewer should know about this section:
        // - The alarm is queued before any change is applied and its result is discarded, so an
        //   entry can exist for a change that later fails, and a logging failure goes unnoticed.
        // - The description depends only on the field being present, so enabling and disabling
        //   a method produce the same text.
        // - User/password policy, token coexist count and generic config changes queue no
        //   SecurityAlarm in this function.
        if modify_req.cert_conf_by_phone_vcode.is_some() {
            // Description text: "change authentication method to phone number".
            let _ = IamLogClient::add_ctx_task(LogParamTag::SecurityAlarm, None, "修改认证方式为手机号".to_string(), Some("ModifyCertifiedWay".to_string()), ctx).await;
        }
        if modify_req.cert_conf_by_mail_vcode.is_some() {
            // Description text: "change authentication method to e-mail".
            let _ = IamLogClient::add_ctx_task(LogParamTag::SecurityAlarm, None, "修改认证方式为邮箱".to_string(), Some("ModifyCertifiedWay".to_string()), ctx).await;
        }

        let cert_confs = IamCertServ::find_cert_conf(true, Some("".to_string()), None, None, funs, ctx).await?;
        // Resolves the id of the first loaded cert conf whose kind matches, if any.
        let conf_id_of = |kind: String| cert_confs.iter().find(|conf| conf.kind == kind).map(|conf| conf.id.clone());

        // User/password policy: only an existing conf is modified. When none is found the
        // request is silently skipped and the call still returns Ok.
        if let Some(user_pwd_req) = &modify_req.cert_conf_by_user_pwd {
            if let Some(conf_id) = conf_id_of(IamCertKernelKind::UserPwd.to_string()) {
                IamCertUserPwdServ::modify_cert_conf(&conf_id, user_pwd_req, funs, ctx).await?;
            }
        }

        // Phone verification code: disable an existing conf, or add/enable one that is absent.
        // NOTE(review): "conf found + enable requested" does nothing. That is only correct if
        // find_cert_conf never returns disabled confs; confirm.
        if let Some(enable_phone) = modify_req.cert_conf_by_phone_vcode {
            match (conf_id_of(IamCertKernelKind::PhoneVCode.to_string()), enable_phone) {
                (Some(conf_id), false) => {
                    IamCertServ::disable_cert_conf(&conf_id, funs, ctx).await?;
                }
                (None, true) => {
                    let add_req = IamCertConfPhoneVCodeAddOrModifyReq { ak_note: None, ak_rule: None };
                    IamCertPhoneVCodeServ::add_or_enable_cert_conf(&add_req, Some("".to_string()), funs, ctx).await?;
                }
                (Some(_), true) | (None, false) => {}
            }
        }

        // Mail verification code: same decision table as the phone branch above.
        if let Some(enable_mail) = modify_req.cert_conf_by_mail_vcode {
            match (conf_id_of(IamCertKernelKind::MailVCode.to_string()), enable_mail) {
                (Some(conf_id), false) => {
                    IamCertServ::disable_cert_conf(&conf_id, funs, ctx).await?;
                }
                (None, true) => {
                    let add_req = IamCertConfMailVCodeAddOrModifyReq { ak_note: None, ak_rule: None };
                    IamCertMailVCodeServ::add_or_enable_cert_conf(&add_req, Some("".to_string()), funs, ctx).await?;
                }
                (Some(_), true) | (None, false) => {}
            }
        }

        // Default token: only the coexist count is changed; name and expiry are left as they are.
        // As with user/password, a missing conf means the request is skipped without an error.
        if let Some(coexist_num) = modify_req.token_default_coexist_num {
            if let Some(conf_id) = conf_id_of(IamCertTokenKind::TokenDefault.to_string()) {
                let token_req = IamCertConfTokenModifyReq {
                    coexist_num: Some(coexist_num),
                    name: None,
                    expire_sec: None,
                };
                IamCertTokenServ::modify_cert_conf(&conf_id, &token_req, funs, ctx).await?;
            }
        }

        // Generic config entries are written as one batch under the empty item id.
        if let Some(config_items) = &modify_req.config {
            IamConfigServ::add_or_modify_batch("", config_items.to_vec(), funs, ctx).await?;
        }

        Ok(())
    }

    /// Collects the current platform configuration into one response object.
    ///
    /// The phone and mail flags are `true` when a cert conf of that kind is present in the
    /// lookup result. `token_default_coexist_num` falls back to `1` when no `TokenDefault`
    /// conf is present. `strict_security_mode` is read from `IamConfig`.
    ///
    /// # Errors
    ///
    /// Returns the not-found error `404-iam-cert-conf-not-exist` when the lookup result holds
    /// no `UserPwd` cert conf, and propagates errors from the cert-conf lookup, the config
    /// query and the JSON decoding of the user/password conf's `ext` field.
    pub async fn get_platform_config_agg(funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<IamPlatformConfigResp> {
        let cert_confs = IamCertServ::find_cert_conf(true, Some("".to_string()), None, None, funs, ctx).await?;

        // The user/password conf is mandatory; every other kind is optional.
        let user_pwd_conf = cert_confs
            .iter()
            .find(|conf| conf.kind == IamCertKernelKind::UserPwd.to_string())
            .ok_or_else(|| funs.err().not_found("iam_platform_serv", "get_platform_config_agg", "not found cert config", "404-iam-cert-conf-not-exist"))?;

        let config_filter = IamConfigFilterReq {
            rel_item_id: Some("".to_string()),
            ..Default::default()
        };
        let config = IamConfigServ::find_rbums(&config_filter, Some(true), None, funs, ctx).await?;

        // True when at least one loaded cert conf has the given kind.
        let has_kind = |kind: String| cert_confs.iter().any(|conf| conf.kind == kind);

        Ok(IamPlatformConfigResp {
            // `ext` holds the user/password settings as JSON text.
            cert_conf_by_user_pwd: TardisFuns::json.str_to_obj(&user_pwd_conf.ext)?,
            cert_conf_by_phone_vcode: has_kind(IamCertKernelKind::PhoneVCode.to_string()),
            cert_conf_by_mail_vcode: has_kind(IamCertKernelKind::MailVCode.to_string()),
            config,
            strict_security_mode: funs.conf::<IamConfig>().strict_security_mode,
            token_default_coexist_num: cert_confs.iter().find(|conf| conf.kind == IamCertTokenKind::TokenDefault.to_string()).map_or(1, |conf| conf.coexist_num),
        })
    }
}