Skip to content

ldap支持控制台配置 #275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 1, 2025
Merged

ldap支持控制台配置 #275

merged 5 commits into from
Aug 1, 2025

Conversation

guolin302
Copy link
Collaborator

No description provided.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 30, 2025
edited
Loading

📝 Walkthrough

Summary by CodeRabbit

  • 新功能

    • 管理后台新增LDAP配置管理页面,支持LDAP配置的创建、编辑、删除、批量删除、启用/禁用切换和连接测试。
    • 支持为LDAP配置分配默认用户组,并在登录时自动同步。
    • 后台API新增LDAP配置的增删改查、启用状态检测和连接测试接口。
    • 管理员菜单新增“LDAP登录”入口。

  • 优化与修复

    • 登录页LDAP配置获取逻辑优化,提升异常处理和状态同步准确性。
    • 用户服务LDAP配置集中管理,提升安全性(密码加密存储与解密使用)。
    • 用户组同步逻辑优化,避免无关字段被覆盖。

  • 文档

    • Swagger接口文档和模型描述同步更新,明确LDAP来源为ldap_config.json。
    • 用户模型注释完善,示例来源更清晰。

  • 其他

    • 移除旧有的LDAP环境变量和命令行参数配置方式,统一由数据库配置管理。
    • 数据库自动迁移新增LDAP配置表。

Walkthrough

本次变更引入了LDAP配置的完整管理功能,包括后端的CRUD接口、数据库模型、密码加密处理、连接测试API,以及前端管理页面和菜单入口。同时,登录流程和用户服务逻辑也更新以适配新的LDAP配置存储方式,并移除了原有的LDAP相关命令行参数和环境变量支持。

Changes

Cohort / File(s) Change Summary
LDAP配置后端接口与模型
pkg/controller/admin/config/ldap.go, pkg/models/ldap_config.go, pkg/models/migrate.go		 新增LDAP配置管理的HTTP接口(CRUD、启用切换、测试连接、获取启用状态),实现LDAPConfig模型及其数据库操作方法,并将其加入自动迁移。
LDAP登录流程与用户服务调整
pkg/controller/login/login.go, pkg/service/user.go		 登录流程改为动态读取数据库中的LDAP配置,用户服务方法参数和内部逻辑调整以适配新模型,密码解密绑定,用户组更新逻辑优化。
LDAP配置参数移除
pkg/flag/flag.go		 移除所有LDAP相关的环境变量初始化与命令行参数绑定。
用户来源注释与文档同步
pkg/models/user.go, swagger/docs.go, swagger/swagger.yaml		 用户模型的“source”字段注释及Swagger描述由“ldap”改为“ldap_config.json”,仅文档性更改。
LDAP配置管理前端页面
ui/public/pages/admin/config/ldap_config.json		 新增LDAP配置管理页面,支持增删改查、启用切换、连接测试、分配默认用户组等功能。
前端菜单与登录页面适配
ui/src/components/Sidebar/menu.tsx, ui/src/pages/Login/index.tsx		 平台设置菜单新增“LDAP登录”入口,登录页LDAP配置获取逻辑完善,异常时重置LDAP启用状态。
路由注册调整
main.go, pkg/controller/sso/route.go		 新增LDAP配置路由注册,替换SSO路由中LDAP配置接口的处理控制器。

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Poem

(兔子挥舞着耳朵,欢快吟唱)

新增LDAP,配置灵活多,
密码加密存,安全心不慌。
前后端齐舞,管理界面亮,
用户组分配,连接测试忙。
代码如春风,平台更坚强!

((_/)
(='.'=) 🥕
(")_(")

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between babb323 and b8a6767.

📒 Files selected for processing (4)
  • main.go (1 hunks)
  • pkg/controller/admin/config/ldap.go (1 hunks)
  • pkg/controller/sso/route.go (1 hunks)
  • ui/public/pages/admin/config/ldap_config.json (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • ui/public/pages/admin/config/ldap_config.json
  • pkg/controller/admin/config/ldap.go
🧰 Additional context used
🧬 Code Graph Analysis (2)
main.go (1)
pkg/controller/admin/config/ldap.go (1)
  • RegisterLdapConfigRoutes (20-29)
pkg/controller/sso/route.go (1)
pkg/controller/admin/config/ldap.go (1)
  • LdapConfigController (17-18)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (go)
🔇 Additional comments (4)
main.go (1)

345-346: LGTM!LDAP配置路由注册符合现有模式

新增的LDAP配置路由注册与现有的配置路由(condition和SSO配置)保持一致的组织方式,位置合理地放在admin路由组中,符合系统架构设计。

pkg/controller/sso/route.go (3)

5-5: 新增import符合重构需求

正确导入了新的LDAP配置控制器包,为路由处理器的重构提供了必要的依赖。

12-12: 控制器实例化遵循现有模式

LDAP配置控制器的实例化方式与现有的AuthController保持一致,符合代码风格。

16-16: 路由处理器重构改进了架构设计

将LDAP配置处理从SSO控制器迁移到专门的LDAP配置控制器,实现了职责分离,提高了代码的可维护性和模块化程度。API路径和HTTP方法保持不变,确保了向后兼容性。

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch feat/ldapLogin

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai generate unit tests to generate unit tests for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Jul 30, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
pkg/service/user.go (1)

391-397: LDAP 密码解密错误处理

密码解密失败时返回了通用错误信息,建议保留更多调试信息用于问题排查。

  // 解密管理员密码
  bindPassword, err := utils.AesDecrypt(config.BindPassword)
  if err != nil {
-   klog.Errorf("LDAP密码解密失败: %v", err)
-   return nil, errors.New("LDAP配置错误")
+   klog.Errorf("LDAP密码解密失败 (配置ID: %d): %v", config.ID, err)
+   return nil, fmt.Errorf("LDAP密码解密失败: %w", err)
  }
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f2c194f and a95161e.

⛔ Files ignored due to path filters (6)
  • .DS_Store is excluded by !**/.DS_Store
  • ui/.DS_Store is excluded by !**/.DS_Store
  • ui/public/pages/.DS_Store is excluded by !**/.DS_Store
  • ui/src/.DS_Store is excluded by !**/.DS_Store
  • ui/src/components/.DS_Store is excluded by !**/.DS_Store
  • ui/src/pages/.DS_Store is excluded by !**/.DS_Store
📒 Files selected for processing (13)
  • main.go (3 hunks)
  • pkg/controller/admin/config/ldap.go (1 hunks)
  • pkg/controller/login/login.go (1 hunks)
  • pkg/flag/flag.go (0 hunks)
  • pkg/models/ldap_config.go (1 hunks)
  • pkg/models/migrate.go (1 hunks)
  • pkg/models/user.go (1 hunks)
  • pkg/service/user.go (4 hunks)
  • swagger/docs.go (1 hunks)
  • swagger/swagger.yaml (1 hunks)
  • ui/public/pages/admin/config/ldap_config.json (1 hunks)
  • ui/src/components/Sidebar/menu.tsx (1 hunks)
  • ui/src/pages/Login/index.tsx (1 hunks)
💤 Files with no reviewable changes (1)
  • pkg/flag/flag.go
🧰 Additional context used
🧬 Code Graph Analysis (2)
pkg/controller/admin/config/ldap.go (5)
internal/dao/param.go (1)
  • BuildParams (30-72)
pkg/models/ldap_config.go (1)
  • LDAPConfig (14-28)
internal/dao/conn.go (1)
  • DB (176-182)
pkg/comm/utils/crypto.go (2)
  • AesEncrypt (34-52)
  • AesDecrypt (55-82)
pkg/comm/utils/strings.go (1)
  • ToUInt (56-62)
pkg/models/ldap_config.go (4)
internal/dao/param.go (1)
  • Params (11-19)
internal/dao/conn.go (1)
  • DB (176-182)
internal/dao/base.go (4)
  • GenericQuery (13-77)
  • GenericSave (110-136)
  • GenericDelete (139-167)
  • GenericGetOne (79-101)
pkg/comm/utils/strings.go (1)
  • ToInt64Slice (80-94)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (go)
🔇 Additional comments (24)
pkg/models/migrate.go (1)

97-99: LGTM! LDAP配置模型迁移添加正确

新增的 LDAPConfig 模型迁移遵循了现有的数据库迁移模式,包括适当的错误处理。这与PR目标中的LDAP配置数据库化管理需求一致。

swagger/docs.go (1)

886-886: LGTM! Swagger文档更新正确

用户来源字段描述从 "ldap" 更新为 "ldap_config.json",与新的LDAP配置管理方式保持一致。

ui/src/pages/Login/index.tsx (2)

44-46: LGTM! 防御性编程改进

添加 data.data 存在性检查避免了潜在的空引用错误,提高了代码的健壮性。

48-51: LGTM! 错误处理优化合理

将LDAP配置获取失败时的处理从显示用户错误消息改为控制台日志记录并明确设置 ldapEnabledfalse,避免了配置获取失败对登录流程的干扰。这种处理方式更加用户友好。

swagger/swagger.yaml (1)

18-18: LGTM! API文档描述更新一致

用户来源字段的描述与 swagger/docs.go 中的更新保持一致,正确反映了新的LDAP配置管理方式。

ui/src/components/Sidebar/menu.tsx (1)

795-800: LGTM! LDAP配置菜单项添加正确

新增的LDAP配置菜单项遵循了现有的菜单结构模式,正确地限制为平台管理员可见,并且在逻辑上放置在单点登录配置之后。路径配置和图标选择都很合适。

pkg/models/user.go (1)

18-18: 注释更新准确反映了新的LDAP配置管理方式

将来源示例从"ldap"更新为"ldap_config.json"准确反映了从环境变量配置到数据库配置的转变,注释更新合理。

pkg/controller/login/login.go (2)

148-161: LDAP配置查询逻辑实现正确

从数据库获取启用的LDAP配置以获取默认用户组的实现是合理的。查询逻辑正确,错误处理恰当,能够优雅降级到空默认组。

162-185: 用户存在性检查和创建逻辑实现完善

新的用户检查和创建流程更加健壮:

  1. 正确检查用户是否存在
  2. 对禁用用户返回适当的错误
  3. 使用正确的来源标识"ldap_config"创建新用户
  4. 错误处理覆盖了各种数据库异常情况

实现符合安全最佳实践。

main.go (3)

234-234: LDAP配置获取路由更新合理

sso.GetLdapEnabled更改为config.GetLdapConfig符合新的LDAP配置管理架构,能够返回数据库中的LDAP配置状态而非静态标志。

388-388: 注释简化合理

将"节点污点"简化为"污点"使注释更加简洁,不影响功能理解。

562-568: LDAP管理路由配置完整且安全

新增的LDAP配置管理路由包含了完整的CRUD操作:

  • 列表查询、详情获取
  • 保存和删除操作
  • 快速状态切换
  • 连接测试功能

所有路由都正确地放在了/admin组下并使用了PlatformAuthMiddleware()进行权限控制,确保只有平台管理员可以访问。

pkg/controller/admin/config/ldap.go (7)

18-34: LDAP配置列表接口实现完善

列表接口正确使用了分页参数构建和通用查询方法,并且出于安全考虑隐藏了密码字段,这是很好的安全实践。

36-49: 配置详情获取接口实现正确

详情接口正确处理了ID参数,使用了适当的查询条件,错误处理完善。返回格式符合前端期望。

51-103: LDAP配置保存逻辑实现安全且完善

保存逻辑处理得很好:

  1. 正确区分新建和编辑操作
  2. 编辑时保留原密码的逻辑合理,避免不必要的重新加密
  3. 密码加密使用AES + Base64编码,安全性良好
  4. 使用Select指定更新字段,避免意外覆盖
  5. 错误处理完善

这是一个很好的密码管理实践示例。

105-117: 删除接口支持批量操作

删除接口正确支持批量删除,使用了通用的删除方法,实现简洁有效。

119-139: 快速状态切换接口实现合理

快速启用/禁用状态切换功能实现正确,使用了Select指定字段更新,避免了不必要的数据修改。参数解析和布尔值转换处理得当。

141-157: LDAP启用状态查询接口逻辑正确

查询启用状态的逻辑合理,通过检查是否存在启用的配置来确定LDAP功能状态。响应格式符合前端期望。

159-197: LDAP连接测试实现安全且实用

连接测试功能实现得很好:

  1. 请求结构体定义清晰
  2. 正确处理加密密码的解密
  3. LDAP连接和绑定测试逻辑正确
  4. 错误处理详细,便于调试
  5. 资源清理(defer conn.Close())正确

这为管理员提供了很好的配置验证工具。

pkg/models/ldap_config.go (2)

14-28: LDAP配置模型定义完善

模型结构设计合理:

  1. 字段定义完整,包含了LDAP连接所需的所有参数
  2. GORM注解正确,字段长度限制合理
  3. JSON标签正确,bind_password字段使用omitempty是好的实践
  4. 包含了必要的时间戳字段
  5. 默认值设置合理(Enabled默认为true,LOGIN2AUTHCLOSE默认为true)

30-48: CRUD方法实现标准化

所有CRUD方法都正确使用了通用DAO函数:

  1. List方法支持分页和自定义查询
  2. Save方法支持创建和更新
  3. Delete方法支持批量删除,正确使用了ID转换工具
  4. GetOne方法支持单条记录查询

实现遵循了项目的代码规范,具有良好的一致性。

ui/public/pages/admin/config/ldap_config.json (1)

328-335: 无需修改:后端已支持批量删除

后端 LDAPConfig.Delete 方法接收路径参数 ids(如 “1,2,3”),通过 utils.ToInt64Slice(ids) 将逗号分隔的字符串转为 []int64,再交给 dao.GenericDelete 执行 WHERE id IN (?) 批量删除。前端可继续使用

"api": "post:/admin/config/ldap/delete/${ids}"

并以逗号分隔的 ID 列表调用,无需额外改动。

pkg/service/user.go (2)

334-340: 正确使用 UpdateColumn 避免数据丢失

使用 UpdateColumn 仅更新 group_names 字段的做法是正确的,避免了使用 Save 方法时可能清空其他字段(如密码)的问题。

430-448: LDAP 配置查询逻辑正确

从数据库获取启用的 LDAP 配置的实现正确,使用 Order("id desc") 确保获取最新的配置。

建议添加注释说明为什么选择最新的配置:

  queryFunc := func(db *gorm.DB) *gorm.DB {
+   // 获取最新的启用配置(当有多个启用配置时)
    return db.Where("enabled = ?", true).Order("id desc").Limit(1)
  }

ui/public/pages/admin/config/ldap_config.json
Comment on lines +54 to +61
{
"type": "input-text",
"name": "port",
"label": "服务器端口",
"required": true,
"placeholder": "默认389",
"value": 389
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

端口字段类型和验证优化

端口字段使用了 input-text 类型,建议改为 input-number 并添加端口范围验证。

-  "type": "input-text",
+  "type": "input-number",
   "name": "port",
   "label": "服务器端口",
   "required": true,
   "placeholder": "默认389",
-  "value": 389
+  "value": 389,
+  "min": 1,
+  "max": 65535,
+  "validations": {
+    "minimum": 1,
+    "maximum": 65535
+  },
+  "validationErrors": {
+    "minimum": "端口号不能小于1",
+    "maximum": "端口号不能大于65535"
+  }

Also applies to: 222-229

🤖 Prompt for AI Agents 
In ui/public/pages/admin/config/ldap_config.json at lines 54-61 and also lines
222-229, the port field is currently defined as type "input-text" without
validation. Change the field type to "input-number" and add validation rules to
ensure the port value is within the valid range (typically 1 to 65535). This
will enforce proper numeric input and prevent invalid port entries.

@weibaohui weibaohui merged commit 1121732 into main Aug 1, 2025
6 checks passed
@weibaohui weibaohui deleted the feat/ldapLogin branch August 1, 2025 19:31
@coderabbitai coderabbitai bot mentioned this pull request Aug 16, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@guolin302 @weibaohui