hola-server 0.6.4 → 0.6.6

package/core/bash.js

@@ -0,0 +1,283 @@
+const { exec } = require("child_process");
+const { is_log_debug, is_log_error, log_debug, log_error } = require('../db/db');
+
+const LOG_BASH = "bash";
+
+/**
+ * Run script and get stdout
+ * @param {host info,contains user,ip and password} host
+ * @param {commands to run} script
+ * @returns 
+ */
+const run_script = async (host, script) => {
+    return new Promise((resolve) => {
+        exec(`sshpass -p '${host.pwd}' ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p ${host.port} ${host.user}@${host.ip} /bin/bash <<'EOT' \n ${script} \nEOT\n`, { maxBuffer: 1024 * 150000 }, (error, stdout) => {
+            if (error) {
+                if (is_log_error()) {
+                    log_error(LOG_BASH, "error running on host:" + host.name + " the script:" + script + ",error:" + error);
+                }
+                resolve({ err: "error running the script:" + script + ",error:" + error });
+            } else {
+                if (is_log_debug()) {
+                    log_debug(LOG_BASH, "executing on host:" + host.name + ", script:" + script + ",stdout:" + stdout);
+                }
+                resolve({ stdout: stdout });
+            }
+        });
+    });
+};
+
+const run_script_file = async (host, script_file) => {
+    return new Promise((resolve) => {
+        exec(`sshpass -p '${host.pwd}' ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p ${host.port} ${host.user}@${host.ip} /bin/bash < ${script_file}`, (error, stdout) => {
+            if (error) {
+                if (is_log_error()) {
+                    log_error(LOG_BASH, "error running on host:" + host.name + " the script_file:" + script_file + ",error:" + error);
+                }
+                resolve({ err: "error running the script:" + script_file + ",error:" + error });
+            } else {
+                if (is_log_debug()) {
+                    log_debug(LOG_BASH, "executing on host:" + host.name + ", script_file:" + script_file + ",stdout:" + stdout);
+                }
+                resolve({ stdout: stdout });
+            }
+        });
+    });
+};
+
+/**
+ * Run command in local host
+ * @param {command to execute} cmd 
+ * @returns 
+ */
+const run_local_cmd = async (cmd, log_extra) => {
+    return new Promise((resolve) => {
+        exec(cmd, { maxBuffer: 1024 * 15000000 }, (error, stdout) => {
+            if (error) {
+                if (is_log_error()) {
+                    log_error(LOG_BASH, "error running on local host with cmd:" + cmd + ",error:" + error, log_extra);
+                }
+                resolve({ err: "error running the cmd:" + cmd + ",error:" + error }, log_extra);
+            } else {
+                if (is_log_debug()) {
+                    log_debug(LOG_BASH, "executing on local host with cmd:" + cmd + ",stdout:" + stdout, log_extra);
+                }
+                resolve({ stdout: stdout });
+            }
+        });
+    });
+};
+
+/**
+ * Scp remote file to local file
+ * @param {remote host} host 
+ * @param {remote file path} remote_file 
+ * @param {local file path} locale_file 
+ * @returns 
+ */
+const scp = async (host, remote_file, local_file) => {
+    return new Promise((resolve) => {
+        exec(`sshpass -p '${host.pwd}' scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -P ${host.port} -q ${host.user}@${host.ip}:${remote_file} ${local_file}`, (error, stdout) => {
+            if (error) {
+                if (is_log_error()) {
+                    log_error(LOG_BASH, "error scp on host:" + host.name + " remote:" + remote_file + ",local:" + local_file + ",error:" + error);
+                }
+                resolve({ err: "error scp:" + remote_file + " to locale:" + local_file + ",err:" + error });
+            } else {
+                if (is_log_debug()) {
+                    log_debug(LOG_BASH, "executing scp on host:" + host.name + ", remote:" + remote_file + ",local:" + local_file + ",stdout:" + stdout);
+                }
+                resolve({ stdout: stdout });
+            }
+        });
+    });
+};
+
+/**
+ *Just run simple command and get result directly 
+ * @param {host info,contains user,ip and password} host 
+ * @param {command to run} cmd 
+ * @returns 
+ */
+const run_simple_cmd = async (host, cmd) => {
+    const { err, stdout } = await run_script(host, cmd);
+    if (err) {
+        return null;
+    } else {
+        return stdout.trim();
+    }
+}
+
+/**
+ *Just run simple command and get result directly 
+ * @param {command to run} cmd 
+ * @returns 
+ */
+const run_simple_local_cmd = async (cmd) => {
+    const { err, stdout } = await run_local_cmd(cmd);
+    if (err) {
+        return null;
+    } else {
+        return stdout.trim();
+    }
+}
+
+/**
+ * Use regular expression to match the pattern to get some part of value
+        Speed: Unknown
+        Manufacturer: NO DIMM
+        Serial Number: NO DIMM
+        Asset Tag:
+        Part Number: NO DIMM
+        Rank: Unknown
+        Configured Memory Speed: Unknown
+        Minimum Voltage: 1.2 V
+        Maximum Voltage: 1.2 V
+        Configured Voltage: 1.2 V
+
+ * @param {stdout of the run_cmd} stdout 
+ * @param {key to retrieve info} key 
+ * @returns 
+ */
+const get_info = (stdout, key) => {
+    const word_key = key.split(" ").join("\\s+");
+    const regex = new RegExp(`\n\\s?${word_key}\\s?:(.*)\\s`, 'g');
+    if (is_log_debug()) {
+        log_debug(LOG_BASH, "get_info and regex:" + JSON.stringify(regex));
+    }
+
+    const results = stdout.matchAll(regex);
+
+    const matched = [];
+    for (let result of results) {
+        matched.push(result[1].trim());
+    }
+
+    if (is_log_debug()) {
+        log_debug(LOG_BASH, "get_info and matched:" + JSON.stringify(matched));
+    }
+    return matched;
+}
+
+/**
+ * Get the lines of array
+ * @param {array of lines} array 
+ * @param {array of line number to get,use range to define the lines} lines 
+ * @returns 
+ */
+const get_lines = (array, lines) => {
+    const result = [];
+    lines.forEach(line => {
+        result.push(array[line]);
+    });
+    return result;
+}
+
+/**
+ * Read all the lines to object such as lscpu to retrieve all the cpu info
+    Core(s) per socket:  28
+    Socket(s):           2
+    NUMA node(s):        2
+    Vendor ID:           GenuineIntel
+    CPU family:          6
+    Model:               85
+    Model name:          Intel(R) Xeon(R) Gold 6258R CPU @ 2.70GHz
+    Stepping:            7
+    CPU MHz:             2965.749
+    CPU max MHz:         4000.0000
+    CPU min MHz:         1000.0000
+    BogoMIPS:            5400.00
+    Virtualization:      VT-x
+    L1d cache:           32K
+    L1i cache:           32K
+
+ * @param {stdout of the run_cmd} stdout 
+ * @param {delimiter to split} delimiter 
+ * @param {lines to retrieve} lines 
+ * @param {only retrieve the value that has the same property in config} config 
+ * @returns 
+ */
+const read_key_value_line = (stdout, delimiter = ":", lines, config, exclude_mode) => {
+    const obj = {};
+    if (!stdout) {
+        return obj;
+    }
+
+    const contents = stdout.toString().split(/(?:\r\n|\r|\n)/g);
+    const line_texts = lines ? get_lines(contents, lines) : contents;
+    line_texts.forEach(content => {
+        const key_value = content.split(delimiter);
+        if (key_value.length == 2) {
+            const key = key_value[0].trim();
+            if (key && !config || (exclude_mode != true && config && config[key]) || exclude_mode == true && config && !config[`!${key}`]) {
+                obj[key] = key_value[1].trim();
+            }
+        }
+    });
+    return obj;
+}
+
+
+/**
+ * Use delimeter to split the line and retrieve the info
+ *
+    MODEL                                     SIZE
+    INTEL SSDSC2KB03                          3.5T
+    INTEL SSDPE2KE032T7                       2.9T
+
+ * @param {stdout of the run_cmd} stdout 
+ * @param {the attribute keys} keys 
+ * @param {the lines to ignore} ignore 
+ * @param {delimiter to split the line} delimiter 
+ * @returns 
+ */
+const read_obj_line = (stdout, keys, ignore = 1, delimiter = "  ") => {
+    const results = [];
+    if (!stdout) {
+        return results;
+    }
+
+    const contents = stdout.toString().split(/(?:\r\n|\r|\n)/g);
+    const line_texts = contents.slice(ignore);
+    line_texts.forEach(content => {
+        const values = content.split(delimiter);
+        if (values && values.length > 0 && values[0].trim().length > 0) {
+            const obj = {};
+            const attrs = values.filter(f => f.trim().length > 0);
+            for (let i = 0; i < keys.length; i++) {
+                const key = keys[i];
+                const value = attrs[i];
+                value && (obj[key] = value.trim());
+            }
+            results.push(obj);
+        }
+    });
+    return results;
+}
+
+/**
+ * Retrive attributes value and put it to obj
+ * @param {host info,contains user,ip and password} host
+ * @param {*} attrs  {name:"attr name",cmd:"command to get the attr"}
+ */
+const get_system_attributes = async (host, attrs) => {
+    const obj = {};
+    for (let i = 0; i < attrs.length; i++) {
+        const attr = attrs[i];
+        const value = await run_simple_cmd(host, attr.cmd);
+        value && (obj[attr.name] = value);
+    }
+    return obj;
+}
+
+const stop_process = async (host, process_name, stop_cmd, using_full) => {
+    const grep_cmd = using_full == true ? `pgrep -f "${process_name}" | wc -l` : `pgrep ${process_name} | wc -l`;
+    const { stdout } = await run_script(host, grep_cmd);
+    const has_process = stdout && parseInt(stdout) > 0;
+    if (has_process) {
+        await run_script(host, stop_cmd);
+    }
+    return has_process;
+}
+
+module.exports = { stop_process, scp, run_script, run_script_file, run_simple_cmd, run_local_cmd, run_simple_local_cmd, get_info, get_system_attributes, read_key_value_line, read_obj_line };

package/core/chart.js

@@ -0,0 +1,36 @@
+const { has_value } = require("./validate");
+
+const set_chart_header = (arr1, prefix) => {
+    if (!arr1 || arr1.length < 1) {
+        return;
+    }
+    const headers = arr1[0];
+    if (!headers || headers.length < 1) {
+        return;
+    }
+    for (let i = 1; i < headers.length; i++) {
+        headers[i] = `${prefix}${headers[i]}`;
+    }
+}
+
+const merge_chart_data = (arr1, arr2) => {
+    if (!arr1 || arr1.length < 2 || !arr2 || arr2.length < 2) {
+        return;
+    }
+
+    const max = Math.max(arr1.length, arr2.length);
+    const arr1_cols = arr1[0].length;
+    const arr2_cols = arr2[0].length;
+    for (let i = 0; i < max; i++) {
+        if (!has_value(arr1[i])) {
+            arr1[i] = [...new Array(arr1_cols)].map(o => "");
+            arr1[i][0] = arr2[i][0];
+        }
+        if (!has_value(arr2[i])) {
+            arr2[i] = [...new Array(arr2_cols)].map(o => "");
+        }
+        arr1[i] = [...arr1[i], ...arr2[i].splice(1)];
+    }
+}
+
+module.exports = { set_chart_header, merge_chart_data }

package/core/cron.js

@@ -0,0 +1,10 @@
+const node_cron = require('node-cron');
+
+const init_cron = async (crons, tasks) => {
+    crons.forEach((cron, index) => {
+        const schedule = node_cron.schedule(cron, () => { tasks[index](); }, { scheduled: true, timezone: "Asia/Shanghai" });
+        schedule.start();
+    });
+}
+
+module.exports = { init_cron };

package/core/lhs.js

@@ -0,0 +1,27 @@
+
+const vm = require('node:vm');
+const { range, scale, space } = require("./number");
+
+const get_context = () => { return { range: range, scale: scale, space: space } }
+
+const run_in_context = (code, ctx) => {
+    vm.createContext(ctx);
+    vm.runInContext(code, ctx);
+    return ctx;
+}
+
+const verify_template = (template, knob) => {
+    try {
+        run_in_context("__output__=`" + template + "`;", knob);
+    } catch (err) {
+        return err.message;
+    }
+    return null;
+}
+
+const execute_template = (template, knob) => {
+    const ctx = run_in_context("__output__=`" + template + "`;", knob);
+    return ctx["__output__"];
+}
+
+module.exports = { get_context, run_in_context, verify_template, execute_template }

package/core/meta.js

@@ -1,5 +1,6 @@
 const { is_undefined } = require('./validate');
 const { get_type } = require('./type');
+const { is_valid_role } = require('../setting');
 
 const meta_manager = {};
 /**
@@ -20,7 +21,7 @@ const meta_manager = {};
  * 
 */
 const field_attrs = ["name", "type", "required", "ref", "link", "delete", "create", "list", "search", "update", "clone", "sys", "secure", "group"];
-const meta_attrs = ["collection", "primary_keys", "fields", "creatable", "readable", "updatable", "deleteable", "cloneable", "after_read",
+const meta_attrs = ["collection", "roles", "primary_keys", "fields", "creatable", "readable", "updatable", "deleteable", "cloneable", "after_read",
     "before_create", "after_create", "before_clone", "after_clone", "before_update", "after_update", "before_delete", "after_delete", "create", "clone", "update", "batch_update", "after_batch_update", "delete",
     "ref_label", "ref_filter", "route", "user_field"];
 
@@ -200,6 +201,7 @@ class EntityMeta {
     constructor(meta) {
         this.meta = meta;
         this.collection = this.meta.collection;
+        this.roles = this.meta.roles;
 
         this.creatable = is_undefined(meta.creatable) ? false : meta.creatable;
         this.readable = is_undefined(meta.readable) ? false : meta.readable;
@@ -281,6 +283,19 @@ class EntityMeta {
             });
         }
 
+        if (this.roles) {
+            if (!Array.isArray(this.roles)) {
+                throw new Error("roles of meta [" + this.collection + "] should be array");
+            }
+            this.roles.forEach(role => {
+                const role_config = role.split(":");
+                const role_name = role_config[0];
+                if (!is_valid_role(role_name)) {
+                    throw new Error("role [" + role_name + "] not defined in setting");
+                }
+            });
+        }
+
         if (this.ref_label && !this.field_names.includes(this.ref_label)) {
             throw new Error("ref_label [" + this.ref_label + "] configured in meta:" + this.collection + " not found in field names");
         }

package/core/msg.js

@@ -0,0 +1,11 @@
+const wxm = require('wxmnode');
+
+const init_wxm = (name, password) => {
+    wxm.init(name, password);
+}
+
+const send_msg = async (content, type, detail) => {
+    return await wxm.sendMsg(content, type, detail);
+}
+
+module.exports = { init_wxm, send_msg }

package/http/session.js

@@ -1,6 +1,6 @@
 const express_session = require('express-session');
 const MongoStore = require('connect-mongo');
-const { get_settings } = require('../setting');
+const { get_settings, is_valid_role, is_root_role } = require('../setting');
 
 const init_session = (app) => {
     const server = get_settings().server;
@@ -24,9 +24,45 @@ const get_session_userid = (req) => {
     return user ? user.id : null;
 }
 
+const get_session_user_role = (req) => {
+    const user = req && req.session ? req.session.user : null;
+    return user ? user.role : null;
+}
+
+//b:batch mode, c:create, d:delete, e:export, i:import, o:clone, p:page, r: refresh, s:search, u:update
+const mode_all = "bcdeiorsu";
+
+const get_user_role_mode = (req, roles) => {
+    const user_role = get_session_user_role(req);
+    if (!user_role) {
+        return "";
+    }
+
+    if (is_root_role(user_role)) {
+        return mode_all;
+    } else if (is_valid_role(user_role)) {
+        for (let i = 0; i < roles.length; i++) {
+            const role = roles[i];
+            const role_settings = role.split(":");
+            const role_name = role_settings[0];
+            const role_mode = role_settings[1];
+            if (user_role == role_name) {
+                return role_mode;
+            }
+        }
+    }
+
+    return "";
+}
+
+const check_user_role = (req, roles, mode) => {
+    const role_mode = get_user_role_mode(req, roles);
+    return role_mode.includes(mode);
+}
+
 const get_session_user_groups = (req) => {
     const group = req && req.session ? req.session.group : null;
     return group && Array.isArray(group) ? group : null;
 }
 
-module.exports = { init_session, get_session_userid, get_session_user_groups };
+module.exports = { init_session, get_session_userid, get_session_user_role, get_session_user_groups, check_user_role, get_user_role_mode };

package/index.js

@@ -8,8 +8,13 @@ const { EntityMeta, get_entity_meta } = require('./core/meta');
 
 
 const array = require('./core/array');
+const bash = require('./core/bash');
+const chart = require('./core/chart');
+const cron = require('./core/cron');
 const date = require('./core/date');
 const file = require('./core/file');
+const lhs = require('./core/lhs');
+const msg = require('./core/msg');
 const number = require('./core/number');
 const obj = require('./core/obj');
 const random = require('./core/random');
@@ -26,6 +31,6 @@ const { log_debug, log_info, log_warn, log_error, is_log_debug, is_log_info, is_
 
 module.exports = {
     init_settings, init_express_server, init_router, register_type, get_type, get_db,
-    Entity, EntityMeta, get_entity_meta, array, date, file, number, obj, random, thread, validate, code, err, params, context, gridfs, gen_i18n,
+    Entity, EntityMeta, get_entity_meta, array, bash, chart, cron, date, file, lhs, msg, number, obj, random, thread, validate, code, err, params, context, gridfs, gen_i18n,
     log_debug, log_info, log_warn, log_error, is_log_debug, is_log_info, is_log_warn, is_log_error, get_session_userid, oid_queries, oid_query
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hola-server",
-  "version": "0.6.4",
+  "version": "0.6.6",
   "description": "a meta programming framework used to build nodejs restful api",
   "main": "index.js",
   "scripts": {
@@ -18,7 +18,9 @@
     "mongodb": "^4.7.0",
     "mongoist": "^2.5.4",
     "multer": "^1.4.5-lts.1",
-    "unzipper": "^0.10.11"
+    "unzipper": "^0.10.11",
+    "node-cron": "^3.0.2",
+    "wxmnode": "^1.0.5"
   },
   "devDependencies": {
     "chai": "^4.3.6",

package/router/clone.js

@@ -1,6 +1,6 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
-const { SUCCESS, NO_PARAMS } = require('../http/code');
-const { get_session_userid } = require('../http/session');
+const { SUCCESS, NO_PARAMS, NO_RIGHTS } = require('../http/code');
+const { get_session_userid, check_user_role } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { post_params, required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
@@ -19,6 +19,14 @@ const init_clone_router = function (router, meta) {
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
     router.post('/clone', cp_upload, wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "o");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: '[_id] checking params are failed!' });

package/router/create.js

@@ -1,6 +1,6 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
-const { SUCCESS } = require('../http/code');
-const { get_session_userid } = require('../http/session');
+const { SUCCESS, NO_RIGHTS } = require('../http/code');
+const { get_session_userid, check_user_role } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
@@ -19,6 +19,14 @@ const init_create_router = function (router, meta) {
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
     router.post('/create', cp_upload, wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "c");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const param_obj = post_params(req, meta.field_names);
         set_file_fields(meta, req, param_obj);
 

package/router/delete.js

@@ -1,6 +1,7 @@
 const { required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
-const { NO_PARAMS } = require('../http/code');
+const { NO_PARAMS, NO_RIGHTS } = require('../http/code');
+const { check_user_role } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -13,6 +14,14 @@ const init_delete_router = function (router, meta) {
     const entity = new Entity(meta);
 
     router.post('/delete', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "d");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const params = required_post_params(req, ["ids"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: ["ids"] });

package/router/read.js

@@ -1,7 +1,7 @@
 const { required_post_params, get_params } = require('../http/params');
 const { has_value } = require('../core/validate');
-const { NO_PARAMS, SUCCESS } = require('../http/code');
-const { get_session_userid, get_session_user_groups } = require('../http/session');
+const { NO_PARAMS, SUCCESS, NO_RIGHTS } = require('../http/code');
+const { get_session_userid, get_session_user_groups, check_user_role, get_user_role_mode } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -14,6 +14,15 @@ const init_read_router = function (router, meta) {
     const entity = new Entity(meta);
 
     router.get('/meta', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
+        const mode = meta.roles ? get_user_role_mode(req, meta.roles) : "";
         const entity_meta = {
             creatable: meta.creatable,
             readable: meta.readable,
@@ -24,12 +33,21 @@ const init_read_router = function (router, meta) {
             exportable: meta.exportable,
             editable: meta.editable,
             user_field: meta.user_field,
-            fields: meta.fields
+            fields: meta.fields,
+            mode: mode.length > 0 ? mode : null
         }
         res.json({ code: SUCCESS, data: entity_meta });
     }));
 
     router.get('/ref', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const { ref_by_entity } = get_params(req, ["ref_by_entity"]);
         const list = await entity.get_filtered_ref_labels(ref_by_entity);
         const items = list.map(obj => ({ "text": obj[meta.ref_label], "value": obj["_id"] + "" }));
@@ -37,6 +55,14 @@ const init_read_router = function (router, meta) {
     }));
 
     router.post('/list', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         const query_params = required_post_params(req, ["_query"]);
         if (query_params === null) {
             res.json({ code: NO_PARAMS, err: ["_query"] });
@@ -71,6 +97,14 @@ const init_read_router = function (router, meta) {
     }));
 
     router.post('/read_entity', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id", "attr_names"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: '[_id,attr_names] checking params are failed!' });
@@ -86,6 +120,14 @@ const init_read_router = function (router, meta) {
     }));
 
     router.post('/read_property', wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "r");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id", "attr_names"]);
         if (params === null) {
             res.json({ code: NO_PARAMS, err: '[_id,attr_names] checking params are failed!' });

package/router/update.js

@@ -1,6 +1,7 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
 const { required_post_params, post_update_params } = require('../http/params');
-const { SUCCESS, NO_PARAMS } = require('../http/code');
+const { SUCCESS, NO_PARAMS, NO_RIGHTS } = require('../http/code');
+const { check_user_role } = require('../http/session');
 const { has_value } = require('../core/validate');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
@@ -18,6 +19,14 @@ const init_update_router = function (router, meta) {
     const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
     router.post('/update', cp_upload, wrap_http(async function (req, res) {
+        if (meta.roles) {
+            const has_right = check_user_role(req, meta.roles, "u");
+            if (!has_right) {
+                res.json({ code: NO_RIGHTS, err: "no rights error" });
+                return;
+            }
+        }
+
         let params = required_post_params(req, ["_id"]);
         if (params === null) {
             params = required_post_params(req, meta.primary_keys);

package/setting.js

@@ -13,6 +13,10 @@ let settings = {
         log_level: 0,
         save_db: dev_mode == false,
     },
+    roles: [
+        { name: "admin", root: true },
+        { name: "user" }
+    ],
     server: {
         service_port: 8088,
         client_web_url: ['http://localhost:8080'],
@@ -39,4 +43,20 @@ const get_settings = () => {
     return settings;
 }
 
-module.exports = { init_settings, get_settings };
+const is_valid_role = (role_name) => {
+    if (!settings.roles) {
+        return false;
+    }
+    const roles = settings.roles.filter(role => role.name == role_name);
+    return roles.length == 1;
+}
+
+const is_root_role = (role_name) => {
+    if (!is_valid_role(role_name)) {
+        return false;
+    }
+
+    return settings.roles.filter(role => role.name == role_name)[0].root == true;
+}
+
+module.exports = { init_settings, get_settings, is_root_role, is_valid_role };