add create_db_and_user.sql

bibaijin · bibaijin · commit 99b79cb5da67 · 2018-03-26T19:23:39.000+08:00
diff --git a/README.md b/README.md
@@ -35,6 +35,9 @@
 
 ![数据表](docs/figures/database.png)
 
+> - 请根据 [server/sql/bootstrap.sql](server/sql/bootstrap.sql) 创建表
+> - 请根据 [server/sql/create_db_and_user.sql](server/sql/create_db_and_user.sql) 创建数据库和用户
+
 ## 部署
 
 ### 配置
@@ -64,3 +67,4 @@ lain secret add ${LAIN-Domain} web /lain/app/prod.json -f example.json
 ## Licensing
 
 Entry is released under [MIT](https://github.com/laincloud/entry/blob/master/LICENSE) license.
+
diff --git a/server/handler/handle_websocket.go b/server/handler/handle_websocket.go
@@ -96,15 +96,14 @@ func handleRequest(conn *websocket.Conn, s *models.Session, sessionWriter io.Wri
 						if commandContent != "" {
 							command := models.Command{
 								SessionID: s.SessionID,
-								Session:   *s,
 								User:      s.User,
 								Content:   commandContent,
 							}
 							g.DB.Create(&command)
 							if command.IsRisky() {
 								log.Warnf("Dangerous command! Will alert entry owners... Command.Content: %v, session: %+v.", command.Content, s)
 								go func() {
-									if err1 := command.Alert(g); err1 != nil {
+									if err1 := command.Alert(*s, g); err1 != nil {
 										log.Errorf("command.Alert() failed, error: %v.", err1)
 									}
 								}()
diff --git a/server/models/command.go b/server/models/command.go
@@ -12,7 +12,7 @@ import (
 )
 
 const (
-	mailTemplate = `Subject: [Entry@{{.LAINDomain}}][{{.Command.Session.AppName}}] - Dangerous Command
+	mailTemplate = `Subject: [Entry@{{.LAINDomain}}][{{.Session.AppName}}] - Dangerous Command
 MIME-version: 1.0;
 Content-Type: text/html; charset="UTF-8";
 
@@ -64,32 +64,32 @@ Content-Type: text/html; charset="UTF-8";
             <caption>Additional Infomation</caption>
             <tr>
                 <td>App Name</td>
-                <td>{{.Command.Session.AppName}}</td>
+                <td>{{.Session.AppName}}</td>
             </tr>
 
             <tr>
                 <td>User</td>
-                <td>{{.Command.Session.User}}</td>
+                <td>{{.Session.User}}</td>
             </tr>
 
             <tr>
                 <td>Source IP</td>
-                <td>{{.Command.Session.SourceIP}}</td>
+                <td>{{.Session.SourceIP}}</td>
             </tr>
 
             <tr>
                 <td>Proc Name</td>
-                <td>{{.Command.Session.ProcName}}</td>
+                <td>{{.Session.ProcName}}</td>
             </tr>
 
             <tr>
                 <td>Instance No</td>
-                <td>{{.Command.Session.InstanceNo}}</td>
+                <td>{{.Session.InstanceNo}}</td>
             </tr>
 
             <tr>
                 <td>Node IP</td>
-                <td>{{.Command.Session.NodeIP}}</td>
+                <td>{{.Session.NodeIP}}</td>
             </tr>
 
             <tr>
@@ -171,20 +171,21 @@ func isRisky(commandContent string) bool {
 // MailData will be inserted into mailTemplate
 type MailData struct {
 	Command    Command
+	Session    Session
 	LAINDomain string
 }
 
 // Alert alert dangerous command
-func (c Command) Alert(g *global.Global) error {
-	msg, err := c.newMailMessage(g.LAINDomain)
+func (c Command) Alert(s Session, g *global.Global) error {
+	msg, err := c.newMailMessage(g.LAINDomain, s)
 	if err != nil {
 		return err
 	}
 
 	return util.SendMail(msg, g)
 }
 
-func (c Command) newMailMessage(lainDomain string) ([]byte, error) {
+func (c Command) newMailMessage(lainDomain string, s Session) ([]byte, error) {
 	t, err := template.New("mail").Parse(mailTemplate)
 	if err != nil {
 		return nil, err
@@ -193,6 +194,7 @@ func (c Command) newMailMessage(lainDomain string) ([]byte, error) {
 	var buf bytes.Buffer
 	data := MailData{
 		Command:    c,
+		Session:    s,
 		LAINDomain: lainDomain,
 	}
 	if err = t.Execute(&buf, data); err != nil {
diff --git a/server/sql/create_db_and_user.sql b/server/sql/create_db_and_user.sql
@@ -0,0 +1,7 @@
+create database entry;
+
+create user entry@'%' identified by 'password';
+
+grant select, insert, update(status, ended_at, updated_at) on entry.sessions to entry@'%';
+grant select, insert on entry.commands to entry@'%';
+flush privileges;
diff --git a/server/util/auth.go b/server/util/auth.go
@@ -52,7 +52,7 @@ func AuthContainer(token, appName string, g *global.Global) (*sso.User, error) {
 
 // AuthAPI authorizes whether the client with this token has right to access the API
 func AuthAPI(accessToken string, g *global.Global) (*sso.User, error) {
-	user, err := g.SSOClient.GetUser(accessToken)
+	user, err := g.SSOClient.GetMe(accessToken)
 	if err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func AuthContainer(token, appName string, g global.Global) (sso.User, error) {`
`52`	`52`
`53`	`53`	`// AuthAPI authorizes whether the client with this token has right to access the API`
`54`	`54`	`func AuthAPI(accessToken string, g global.Global) (sso.User, error) {`
`55`		`- user, err := g.SSOClient.GetUser(accessToken)`
	`55`	`+ user, err := g.SSOClient.GetMe(accessToken)`
`56`	`56`	`if err != nil {`
`57`	`57`	`return nil, err`
`58`	`58`	`}`