go-duck-cli 1.1.32 → 1.1.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/generators/devops.js +11 -0
- package/generators/kratos.js +24 -3
- package/generators/multitenancy.js +15 -2
- package/package.json +1 -1
package/generators/devops.js
CHANGED
|
@@ -363,6 +363,17 @@ jobs:
|
|
|
363
363
|
"publicClient": false,
|
|
364
364
|
"protocol": "openid-connect",
|
|
365
365
|
"fullScopeAllowed": true
|
|
366
|
+
},
|
|
367
|
+
{
|
|
368
|
+
"clientId": "go-client",
|
|
369
|
+
"enabled": true,
|
|
370
|
+
"publicClient": true,
|
|
371
|
+
"standardFlowEnabled": true,
|
|
372
|
+
"directAccessGrantsEnabled": true,
|
|
373
|
+
"protocol": "openid-connect",
|
|
374
|
+
"redirectUris": ["*"],
|
|
375
|
+
"webOrigins": ["*"],
|
|
376
|
+
"fullScopeAllowed": true
|
|
366
377
|
}
|
|
367
378
|
],
|
|
368
379
|
"users": [
|
package/generators/kratos.js
CHANGED
|
@@ -217,6 +217,8 @@ find api -name "*.proto" -exec protoc --proto_path=. \\
|
|
|
217
217
|
echo "✅ Protos compiled successfully!"
|
|
218
218
|
`;
|
|
219
219
|
const generateBat = `@echo off
|
|
220
|
+
setlocal enabledelayedexpansion
|
|
221
|
+
|
|
220
222
|
echo 🦆 Syncing Protobuf Dependencies...
|
|
221
223
|
if not exist "third_party\\google\\api" mkdir "third_party\\google\\api"
|
|
222
224
|
curl -sSL https://raw.githubusercontent.com/googleapis/googleapis/master/google/api/annotations.proto > third_party\\google\\api\\annotations.proto
|
|
@@ -230,7 +232,13 @@ if %errorlevel% neq 0 (
|
|
|
230
232
|
)
|
|
231
233
|
|
|
232
234
|
for /f "tokens=*" %%f in ('dir /b /s api\\*.proto') do (
|
|
233
|
-
|
|
235
|
+
set "abspath=%%f"
|
|
236
|
+
set "relpath=!abspath:%CD%\\=!"
|
|
237
|
+
protoc --proto_path=. --proto_path=./api --proto_path=./third_party --go_out=paths=source_relative:. --go-grpc_out=paths=source_relative:. "!relpath!"
|
|
238
|
+
if !errorlevel! neq 0 (
|
|
239
|
+
echo ❌ Error: Failed to compile !relpath!
|
|
240
|
+
exit /b 1
|
|
241
|
+
)
|
|
234
242
|
)
|
|
235
243
|
|
|
236
244
|
echo ✅ Protos compiled successfully!
|
|
@@ -302,7 +310,11 @@ func TenantServerInterceptor(conf *config.Config, db *gorm.DB) middleware.Middle
|
|
|
302
310
|
|
|
303
311
|
var mappings []models.TenantRole
|
|
304
312
|
if requestedTenant != "" {
|
|
305
|
-
|
|
313
|
+
if isAdmin {
|
|
314
|
+
db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE tenant_id = ?", requestedTenant).Scan(&mappings)
|
|
315
|
+
} else {
|
|
316
|
+
db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE LOWER(role_name) IN ? AND tenant_id = ?", lowerRoles, requestedTenant).Scan(&mappings)
|
|
317
|
+
}
|
|
306
318
|
} else {
|
|
307
319
|
db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE LOWER(role_name) IN ?", lowerRoles).Scan(&mappings)
|
|
308
320
|
}
|
|
@@ -310,6 +322,16 @@ func TenantServerInterceptor(conf *config.Config, db *gorm.DB) middleware.Middle
|
|
|
310
322
|
siloConnections := make(map[string]*gorm.DB)
|
|
311
323
|
mongoConnections := make(map[string]*mongo.Database)
|
|
312
324
|
|
|
325
|
+
// Filter out unauthorized mappings (e.g. admin_db for non-admins)
|
|
326
|
+
var authorizedMappings []models.TenantRole
|
|
327
|
+
for _, m := range mappings {
|
|
328
|
+
if m.DBName == "admin_db" && !isAdmin {
|
|
329
|
+
continue
|
|
330
|
+
}
|
|
331
|
+
authorizedMappings = append(authorizedMappings, m)
|
|
332
|
+
}
|
|
333
|
+
mappings = authorizedMappings
|
|
334
|
+
|
|
313
335
|
if len(mappings) == 0 {
|
|
314
336
|
conn, _ := mgr.GetDB(fallbackDB)
|
|
315
337
|
siloConnections["fallback"] = conn
|
|
@@ -343,7 +365,6 @@ func TenantServerInterceptor(conf *config.Config, db *gorm.DB) middleware.Middle
|
|
|
343
365
|
})
|
|
344
366
|
|
|
345
367
|
for _, m := range mappings {
|
|
346
|
-
if m.DBName == "admin_db" && !isAdmin { continue }
|
|
347
368
|
if conn, err := mgr.GetDB(m.DBName); err == nil {
|
|
348
369
|
siloConnections[m.RoleName] = conn
|
|
349
370
|
}
|
|
@@ -173,11 +173,25 @@ func TenantMiddleware(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
|
|
|
173
173
|
}
|
|
174
174
|
|
|
175
175
|
if len(requestedTenants) > 0 {
|
|
176
|
-
|
|
176
|
+
if isAdmin {
|
|
177
|
+
db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE tenant_id IN ?", requestedTenants).Scan(&mappings)
|
|
178
|
+
} else {
|
|
179
|
+
db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE LOWER(role_name) IN ? AND tenant_id IN ?", lowerRoles, requestedTenants).Scan(&mappings)
|
|
180
|
+
}
|
|
177
181
|
} else {
|
|
178
182
|
db.Raw("SELECT role_name, db_name, is_primary FROM tenant_roles WHERE LOWER(role_name) IN ?", lowerRoles).Scan(&mappings)
|
|
179
183
|
}
|
|
180
184
|
|
|
185
|
+
// Filter out unauthorized mappings (e.g. admin_db for non-admins)
|
|
186
|
+
var authorizedMappings []models.TenantRole
|
|
187
|
+
for _, m := range mappings {
|
|
188
|
+
if m.DBName == "admin_db" && !isAdmin {
|
|
189
|
+
continue
|
|
190
|
+
}
|
|
191
|
+
authorizedMappings = append(authorizedMappings, m)
|
|
192
|
+
}
|
|
193
|
+
mappings = authorizedMappings
|
|
194
|
+
|
|
181
195
|
if len(mappings) == 0 {
|
|
182
196
|
conn, err := mgr.GetDB(fallbackDB)
|
|
183
197
|
if err != nil || conn == nil {
|
|
@@ -221,7 +235,6 @@ func TenantMiddleware(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
|
|
|
221
235
|
})
|
|
222
236
|
|
|
223
237
|
for _, m := range mappings {
|
|
224
|
-
if m.DBName == "admin_db" && !isAdmin { continue }
|
|
225
238
|
conn, err := mgr.GetDB(m.DBName)
|
|
226
239
|
if err == nil {
|
|
227
240
|
siloConnections[m.RoleName] = conn
|