ZZYDOP
/
AiDOPWarehouse


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
							// 大名科技（天津）有限公司 版权所有
//
// 此源代码遵循位于源代码树根目录中的 LICENSE 文件的许可证
//
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动
//
// 任何基于本项目二次开发而产生的一切法律纠纷和责任，均与作者无关

using Novell.Directory.Ldap;

namespace Admin.NET.Core;

/// <summary>
/// 系统域登录信息配置表服务
/// </summary>
[ApiDescriptionSettings(Order = 100)]
public class SysLdapService : IDynamicApiController, ITransient
{
    private readonly SqlSugarRepository<SysLdap> _sysLdapRep;
    private readonly SysUserLdapService _sysUserLdapService;

    public SysLdapService(SqlSugarRepository<SysLdap> rep, SysUserLdapService sysUserLdapService)
    {
        _sysLdapRep = rep;
        _sysUserLdapService = sysUserLdapService;
    }

    /// <summary>
    /// 获取系统域登录信息配置分页列表
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    public async Task<SqlSugarPagedList<SysLdap>> Page(SysLdapInput input)
    {
        return await _sysLdapRep.AsQueryable()
             .WhereIF(!string.IsNullOrWhiteSpace(input.SearchKey), u => u.Host.Contains(input.SearchKey.Trim()))
             .WhereIF(!string.IsNullOrWhiteSpace(input.Host), u => u.Host.Contains(input.Host.Trim()))
            .OrderBy(u => u.CreateTime, OrderByType.Desc)
            .ToPagedListAsync(input.Page, input.PageSize);
    }

    /// <summary>
    /// 增加系统域登录信息配置
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Add"), HttpPost]
    public async Task<long> Add(AddSysLdapInput input)
    {
        var entity = input.Adapt<SysLdap>();
        entity.BindPass = CryptogramUtil.Encrypt(input.BindPass);
        await _sysLdapRep.InsertAsync(entity);
        return entity.Id;
    }

    /// <summary>
    /// 更新系统域登录信息配置
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Update"), HttpPost]
    public async Task Update(UpdateSysLdapInput input)
    {
        var entity = input.Adapt<SysLdap>();
        if (!string.IsNullOrEmpty(input.BindPass) && input.BindPass.Length < 32)
        {
            entity.BindPass = CryptogramUtil.Encrypt(input.BindPass); // 加密
        }
        await _sysLdapRep.AsUpdateable(entity).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
    }

    /// <summary>
    /// 删除系统域登录信息配置
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Delete"), HttpPost]
    public async Task Delete(DeleteSysLdapInput input)
    {
        var entity = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
        await _sysLdapRep.FakeDeleteAsync(entity);  // 假删除
        //await _rep.DeleteAsync(entity);  // 真删除
    }

    /// <summary>
    /// 获取系统域登录信息配置详情
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Detail")]
    public async Task<SysLdap> GetDetail([FromQuery] DetailSysLdapInput input)
    {
        return await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id);
    }

    /// <summary>
    /// 获取系统域登录信息配置列表
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "List")]
    public async Task<List<SysLdap>> GetList([FromQuery] SysLdapInput input)
    {
        return await _sysLdapRep.AsQueryable().Select<SysLdap>().ToListAsync();
    }

    /// <summary>
    /// 账号验证
    /// </summary>
    /// <param name="account">域用户</param>
    /// <param name="password">密码</param>
    /// <param name="tenantId">租户</param>
    /// <returns></returns>
    [NonAction]
    public async Task<bool> Auth(long tenantId, string account, string password)
    {
        var ldap = await _sysLdapRep.GetFirstAsync(u => u.TenantId == tenantId) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
        var ldapConn = new LdapConnection();
        try
        {
            ldapConn.Connect(ldap.Host, ldap.Port);
            ldapConn.Bind(ldap.Version, ldap.BindDn, ldap.BindPass);
            var userEntitys = ldapConn.Search(ldap.BaseDn, LdapConnection.ScopeSub, ldap.AuthFilter.Replace("$s", account), null, false);
            string dn = string.Empty;
            while (userEntitys.HasMore())
            {
                var entity = userEntitys.Next();
                var sAMAccountName = entity.GetAttribute(ldap.AuthFilter)?.StringValue;
                if (!string.IsNullOrEmpty(sAMAccountName))
                {
                    dn = entity.Dn;
                    break;
                }
            }
            if (string.IsNullOrEmpty(dn)) throw Oops.Oh(ErrorCodeEnum.D1002);
            var attr = new LdapAttribute("userPassword", password);
            ldapConn.Bind(dn, password);
        }
        catch (LdapException e)
        {
            switch (e.ResultCode)
            {
                case LdapException.NoSuchObject:
                case LdapException.NoSuchAttribute:
                    throw Oops.Oh(ErrorCodeEnum.D0009);
                case LdapException.InvalidCredentials:
                    return false;
                default:
                    throw Oops.Oh(e.Message);
            }
        }
        finally
        {
            ldapConn.Disconnect();
        }
        return true;
    }

    /// <summary>
    /// 同步域用户
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [HttpPost]
    [ApiDescriptionSettings(Name = "UserSync")]
    public async Task UserSync(UserSyncIdSysLdapInput input)
    {
        var ldap = await _sysLdapRep.GetFirstAsync(u => u.Id == input.Id) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
        LdapConnection ldapConn = new LdapConnection();
        try
        {
            ldapConn.Connect(ldap.Host, ldap.Port);
            ldapConn.Bind(ldap.Version, ldap.BindDn, ldap.BindPass);
            var userEntitys = ldapConn.Search(ldap.BaseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
            string dn = string.Empty;
            var listUserLdap = new List<SysUserLdap>();
            while (userEntitys.HasMore())
            {
                LdapEntry entity;
                try
                {
                    entity = userEntitys.Next();
                    if (entity == null) continue;
                }
                catch (LdapException)
                {
                    continue;
                }
                var attrs = entity.GetAttributeSet();
                if (attrs.Count == 0 || attrs.ContainsKey("OU"))
                    LdapUserSearchDn(ldapConn, ldap, listUserLdap, entity.Dn);
                else
                {
                    var sysUserLdap = new SysUserLdap
                    {
                        Account = !attrs.ContainsKey(ldap.BindAttrAccount) ? null : attrs.GetAttribute(ldap.BindAttrAccount)?.StringValue,
                        EmployeeId = !attrs.ContainsKey(ldap.BindAttrEmployeeId) ? null : attrs.GetAttribute(ldap.BindAttrEmployeeId)?.StringValue
                    };
                    if (string.IsNullOrEmpty(sysUserLdap.EmployeeId)) continue;
                    listUserLdap.Add(sysUserLdap);
                }
            }
            if (listUserLdap.Count == 0)
                return;           
            await _sysUserLdapService.InsertUserLdapsAsync(ldap.TenantId.Value, listUserLdap);
        }
        catch (LdapException e)
        {
            switch (e.ResultCode)
            {
                case LdapException.NoSuchObject:
                case LdapException.NoSuchAttribute:
                    throw Oops.Oh(ErrorCodeEnum.D0009);
                case LdapException.InvalidCredentials:
                default:
                    throw Oops.Oh(e.Message);
            }
        }
        finally
        {
            ldapConn.Disconnect();
        }
    }

    /// <summary>
    /// 域用户遍历查询
    /// </summary>
    /// <param name="conn"></param>
    /// <param name="ldap"></param>
    /// <param name="listUserLdap"></param>
    /// <param name="baseDn"></param>
    private void LdapUserSearchDn(LdapConnection conn, SysLdap ldap, List<SysUserLdap> listUserLdap, string baseDn)
    {
        var userEntitys = conn.Search(baseDn, LdapConnection.ScopeOne, "(objectClass=*)", null, false);
        string dn = string.Empty;
        while (userEntitys.HasMore())
        {
            LdapEntry entity;
            try
            {
                entity = userEntitys.Next();
                if (entity == null) continue;
            }
            catch (LdapException)
            {
                continue;
            }
            var attrs = entity.GetAttributeSet();
            if (attrs.Count == 0 || attrs.ContainsKey("OU"))
                LdapUserSearchDn(conn, ldap, listUserLdap, entity.Dn);
            else
            {
                var sysUserLdap = new SysUserLdap
                {
                    Account = !attrs.ContainsKey(ldap.BindAttrAccount) ? null : attrs.GetAttribute(ldap.BindAttrAccount)?.StringValue,
                    EmployeeId = !attrs.ContainsKey(ldap.BindAttrEmployeeId) ? null : attrs.GetAttribute(ldap.BindAttrEmployeeId)?.StringValue
                };
                if (string.IsNullOrEmpty(sysUserLdap.EmployeeId)) continue;
                listUserLdap.Add(sysUserLdap);
            }
        }
    }
}