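"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientAuthController = void 0;
const clientAuth_1 = require("../models/clientAuth");
const helpers_1 = require("../utils/helpers");

const { ClientAuthModel } = clientAuth_1;
// Destructured so the call carries no `this`, matching the compiler's `(0, helpers_1.toString)(x)` form.
const { toString: toStr } = helpers_1;

/** Page size used when the query string gives none. */
const DEFAULT_PAGE_LIMIT = 20;
/** Upper bound on the page size a caller may request (constructed cap; adjust to the deployment). */
const MAX_PAGE_LIMIT = 200;

// Body fields the update endpoints are allowed to forward to the model. Anything else in
// req.body is dropped, so a caller cannot set columns the API never exposed (mass assignment).
// The lists mirror the fields the corresponding create endpoints accept (plus `status`
// for tokens/certificates, which create() sets itself).
const AUTH_METHOD_FIELDS = ['method_name', 'method_type', 'config', 'is_active'];
const AUTH_POLICY_FIELDS = ['policy_name', 'priority', 'conditions', 'actions', 'is_active', 'description'];
const CLIENT_TOKEN_FIELDS = ['clientid', 'token_type', 'token_value', 'expires_at', 'status'];
const CLIENT_CERTIFICATE_FIELDS = ['clientid', 'certificate_pem', 'fingerprint', 'expires_at', 'status'];

/** True for a non-empty string; used for every identity/credential field taken from a body. */
function isNonEmptyString(value) {
    return typeof value === 'string' && value.length > 0;
}

/**
 * Parse a route parameter as a positive integer id.
 * @param {unknown} raw - the raw req.params value
 * @returns {number|null} the id, or null when the value is missing or not a positive integer
 */
function parseId(raw) {
    const text = toStr(raw);
    if (!text || !/^\d+$/.test(text)) return null;
    const id = Number(text);
    return Number.isSafeInteger(id) && id > 0 ? id : null;
}

/**
 * Parse a date-like value.
 * @returns {Date|null} null when `new Date(value)` yields an Invalid Date
 */
function parseDate(value) {
    const date = new Date(value);
    return Number.isNaN(date.getTime()) ? null : date;
}

/**
 * Copy only the whitelisted keys that are present on the body.
 * A non-object body yields an empty object rather than throwing.
 */
function pickFields(body, keys) {
    const picked = {};
    if (body === null || typeof body !== 'object') return picked;
    for (const key of keys) {
        if (Object.prototype.hasOwnProperty.call(body, key)) picked[key] = body[key];
    }
    return picked;
}

/** Answer 400 with the API's standard error envelope. */
function badRequest(res, message) {
    res.status(400).json({ success: false, message });
}

/** Answer 404 with the API's standard error envelope. */
function notFound(res, message) {
    res.status(404).json({ success: false, message });
}

/** Shared 400 for every handler that takes a numeric `:id`. */
function rejectInvalidId(res) {
    badRequest(res, '无效的ID');
}

/**
 * Log an unexpected handler failure and answer 500.
 * @param {string} label - used both as the console prefix and as the response message
 * NOTE(review): `error.message` is echoed to the caller, as it always was; driver/DB
 * error text can reveal schema details, so consider replacing it with a generic string
 * once API clients are confirmed not to depend on the field.
 */
function fail(res, label, error) {
    console.error(`${label}:`, error);
    res.status(500).json({
        success: false,
        message: label,
        error: error instanceof Error ? error.message : '未知错误',
    });
}

/**
 * HTTP handlers for client authentication records, authentication methods and
 * policies, client tokens and client certificates, plus the password check used by
 * the MQTT broker. Every handler is `static async (req, res)` and reports failures
 * through the standard `{ success, message, error }` envelope (the broker hook
 * uses `{ result, reason }` instead).
 */
class ClientAuthController {
    /**
     * List client auth records, paginated via `?page=&limit=`.
     * Both values are clamped (page >= 1, 1 <= limit <= MAX_PAGE_LIMIT) so a hostile
     * query can neither produce a negative offset nor request the whole table.
     */
    static async getAllClientAuth(req, res) {
        try {
            const page = Math.max(1, Math.trunc(Number(req.query.page)) || 1);
            const wanted = Math.trunc(Number(req.query.limit)) || DEFAULT_PAGE_LIMIT;
            const limit = Math.min(Math.max(1, wanted), MAX_PAGE_LIMIT);
            const offset = (page - 1) * limit;
            // The two queries are independent, so run them together.
            const [clientAuths, total] = await Promise.all([
                ClientAuthModel.getAll(limit, offset),
                ClientAuthModel.getCount(),
            ]);
            res.status(200).json({
                success: true,
                data: clientAuths,
                pagination: { page, limit, total, pages: Math.ceil(total / limit) },
            });
        } catch (error) {
            fail(res, '获取客户端认证列表失败', error);
        }
    }

    /** Fetch one record by numeric `:id`. */
    static async getClientAuthById(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const clientAuth = await ClientAuthModel.getById(id);
            if (!clientAuth) return notFound(res, '客户端认证信息不存在');
            res.status(200).json({ success: true, data: clientAuth });
        } catch (error) {
            fail(res, '获取客户端认证信息失败', error);
        }
    }

    /** Fetch one record by `:username`. */
    static async getClientAuthByUsername(req, res) {
        try {
            const username = toStr(req.params.username);
            if (!username) return badRequest(res, '用户名不能为空');
            const clientAuth = await ClientAuthModel.getByUsername(username);
            if (!clientAuth) return notFound(res, '客户端认证信息不存在');
            res.status(200).json({ success: true, data: clientAuth });
        } catch (error) {
            fail(res, '根据用户名获取客户端认证信息失败', error);
        }
    }

    /** Fetch one record by `:clientid`. */
    static async getClientAuthByClientId(req, res) {
        try {
            const clientid = toStr(req.params.clientid);
            if (!clientid) return badRequest(res, '客户端ID不能为空');
            const clientAuth = await ClientAuthModel.getByClientId(clientid);
            if (!clientAuth) return notFound(res, '客户端认证信息不存在');
            res.status(200).json({ success: true, data: clientAuth });
        } catch (error) {
            fail(res, '根据客户端ID获取客户端认证信息失败', error);
        }
    }

    /**
     * Create a record. username, clientid and password must be non-empty strings and
     * username/clientid must be unused. The password is hashed with a fresh salt unless
     * `use_salt` is explicitly false.
     */
    static async createClientAuth(req, res) {
        try {
            const {
                username, clientid, password, device_type, description, is_superuser, use_salt,
                auth_method, auth_expiry, allowed_ip_ranges, allowed_time_ranges, auth_policy_id,
            } = req.body || {};
            if (!isNonEmptyString(username) || !isNonEmptyString(clientid) || !isNonEmptyString(password)) {
                return badRequest(res, '用户名、客户端ID和密码不能为空');
            }
            const [byUsername, byClientId] = await Promise.all([
                ClientAuthModel.getByUsername(username),
                ClientAuthModel.getByClientId(clientid),
            ]);
            if (byUsername) return badRequest(res, '用户名已存在');
            if (byClientId) return badRequest(res, '客户端ID已存在');

            // Reject an unparseable expiry instead of persisting an Invalid Date.
            let expiry = null;
            if (auth_expiry) {
                expiry = parseDate(auth_expiry);
                if (expiry === null) return badRequest(res, '无效的认证过期时间');
            }

            const shouldUseSalt = use_salt !== undefined ? Boolean(use_salt) : true;
            const salt = shouldUseSalt ? ClientAuthModel.generateSalt() : '';
            const passwordHash = ClientAuthModel.generatePasswordHash(password, salt, shouldUseSalt);

            const created = await ClientAuthModel.create({
                username,
                clientid,
                password_hash: passwordHash,
                salt,
                status: 'enabled',
                device_type: device_type || null,
                description: description || null,
                // Privilege flag: only a literal boolean true grants it; the former `|| false`
                // forwarded any truthy value, including the string 'false'.
                is_superuser: is_superuser === true,
                use_salt: shouldUseSalt,
                auth_method: auth_method || 'password',
                auth_expiry: expiry,
                allowed_ip_ranges: allowed_ip_ranges ? JSON.stringify(allowed_ip_ranges) : null,
                allowed_time_ranges: allowed_time_ranges ? JSON.stringify(allowed_time_ranges) : null,
                auth_policy_id: auth_policy_id || null,
            });
            await ClientAuthModel.logAuthEvent(created.clientid, created.username, 'connect', 'success',
                'Client authentication created', req.ip, undefined, auth_method, auth_policy_id);
            // NOTE(review): the created row is echoed back as-is; confirm the model strips
            // password_hash and salt before it reaches the client.
            res.status(201).json({ success: true, data: created, message: '客户端认证信息创建成功' });
        } catch (error) {
            fail(res, '创建客户端认证信息失败', error);
        }
    }

    /**
     * Partially update a record. Only fields present in the body are written.
     * The salt can only change together with a new password: the stored hash was
     * computed with the stored salt, so regenerating the salt alone (as the previous
     * version did on a bare `use_salt` change) leaves an account that can never verify.
     */
    static async updateClientAuth(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const {
                username, clientid, password, device_type, description, status, is_superuser, use_salt,
                auth_method, auth_expiry, allowed_ip_ranges, allowed_time_ranges, auth_policy_id,
            } = req.body || {};

            const existing = await ClientAuthModel.getById(id);
            if (!existing) return notFound(res, '客户端认证信息不存在');

            const updateData = {};

            if (username !== undefined && username !== existing.username) {
                if (!isNonEmptyString(username)) return badRequest(res, '用户名不能为空');
                if (await ClientAuthModel.getByUsername(username)) return badRequest(res, '用户名已存在');
                updateData.username = username;
            }
            if (clientid !== undefined && clientid !== existing.clientid) {
                if (!isNonEmptyString(clientid)) return badRequest(res, '客户端ID不能为空');
                if (await ClientAuthModel.getByClientId(clientid)) return badRequest(res, '客户端ID已存在');
                updateData.clientid = clientid;
            }

            // An undefined stored flag counts as "salted", the same reading mqttPasswordAuth
            // applies when it verifies the password; writing the flag back removes the ambiguity.
            const currentUseSalt = existing.use_salt === undefined ? true : Boolean(existing.use_salt);
            const wantUseSalt = use_salt !== undefined ? Boolean(use_salt) : currentUseSalt;
            if (password !== undefined) {
                if (!isNonEmptyString(password)) return badRequest(res, '密码不能为空');
                const salt = wantUseSalt ? ClientAuthModel.generateSalt() : '';
                updateData.password_hash = ClientAuthModel.generatePasswordHash(password, salt, wantUseSalt);
                updateData.salt = salt;
                updateData.use_salt = wantUseSalt;
            } else if (wantUseSalt !== currentUseSalt) {
                return badRequest(res, '修改加盐方式时必须同时提供新密码');
            }

            if (device_type !== undefined) updateData.device_type = device_type;
            if (description !== undefined) updateData.description = description;
            // NOTE(review): status is stored as received; this file only ever writes and
            // compares 'enabled' — confirm the accepted set against the model.
            if (status !== undefined) updateData.status = status;
            // Privilege flag: only a literal boolean true grants it.
            if (is_superuser !== undefined) updateData.is_superuser = is_superuser === true;
            if (auth_method !== undefined) updateData.auth_method = auth_method;
            if (auth_expiry !== undefined) {
                if (auth_expiry) {
                    const expiry = parseDate(auth_expiry);
                    if (expiry === null) return badRequest(res, '无效的认证过期时间');
                    updateData.auth_expiry = expiry;
                } else {
                    updateData.auth_expiry = null;
                }
            }
            if (allowed_ip_ranges !== undefined) {
                updateData.allowed_ip_ranges = allowed_ip_ranges ? JSON.stringify(allowed_ip_ranges) : null;
            }
            if (allowed_time_ranges !== undefined) {
                updateData.allowed_time_ranges = allowed_time_ranges ? JSON.stringify(allowed_time_ranges) : null;
            }
            if (auth_policy_id !== undefined) updateData.auth_policy_id = auth_policy_id;

            const updated = await ClientAuthModel.update(id, updateData);
            if (!updated) {
                res.status(500).json({ success: false, message: '更新客户端认证信息失败' });
                return;
            }
            await ClientAuthModel.logAuthEvent(updated.clientid, updated.username, 'connect', 'success',
                'Client authentication updated', req.ip, undefined, updated.auth_method,
                updated.auth_policy_id || undefined);
            res.status(200).json({ success: true, data: updated, message: '客户端认证信息更新成功' });
        } catch (error) {
            fail(res, '更新客户端认证信息失败', error);
        }
    }

    /** Delete a record by `:id` and log the deletion against its clientid/username. */
    static async deleteClientAuth(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const existing = await ClientAuthModel.getById(id);
            if (!existing) return notFound(res, '客户端认证信息不存在');
            await ClientAuthModel.delete(id);
            await ClientAuthModel.logAuthEvent(existing.clientid, existing.username, 'connect', 'success',
                'Client authentication deleted', req.ip);
            res.status(200).json({ success: true, message: '客户端认证信息删除成功' });
        } catch (error) {
            fail(res, '删除客户端认证信息失败', error);
        }
    }

    /**
     * Verify a username/clientid/password triple and record the outcome (including
     * the verification time in ms) as an auth event. 401 on mismatch.
     */
    static async verifyClientAuth(req, res) {
        try {
            const { username, clientid, password } = req.body || {};
            if (!isNonEmptyString(username) || !isNonEmptyString(clientid) || !isNonEmptyString(password)) {
                return badRequest(res, '用户名、客户端ID和密码不能为空');
            }
            const startedAt = Date.now();
            const isValid = await ClientAuthModel.verifyClient(username, clientid, password);
            const executionTime = Date.now() - startedAt;
            await ClientAuthModel.logAuthEvent(clientid, username, 'connect',
                isValid ? 'success' : 'failure', isValid ? undefined : 'Invalid credentials',
                req.ip, undefined, 'password', undefined, executionTime);
            if (isValid) {
                res.status(200).json({ success: true, message: '客户端认证信息验证成功' });
            } else {
                res.status(401).json({ success: false, message: '客户端认证信息验证失败' });
            }
        } catch (error) {
            fail(res, '验证客户端认证信息失败', error);
        }
    }

    /**
     * Password check called by the MQTT broker. Every outcome answers 200 and carries
     * the decision in `result`, which is the contract the previous version kept; the
     * `reason` strings are for the broker's logs, not for the connecting client.
     * Unlike before, denied attempts are now written to the auth event log too, so a
     * credential-guessing run is visible alongside the successes.
     */
    static async mqttPasswordAuth(req, res) {
        const deny = (reason) => {
            res.status(200).json({ result: false, reason });
        };
        try {
            const { username, clientid, password } = req.body || {};
            if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
                return deny('用户名和密码不能为空');
            }
            const reportedClientId = typeof clientid === 'string' ? clientid : '';
            const logFailure = (reason) => ClientAuthModel.logAuthEvent(
                reportedClientId, username, 'connect', 'failure', reason, req.ip);

            const clientAuth = await ClientAuthModel.getByUsername(username);
            if (!clientAuth) {
                await logFailure('Unknown username');
                return deny('用户不存在');
            }
            if (clientAuth.status !== 'enabled') {
                await logFailure('Account disabled');
                return deny('用户已被禁用');
            }
            const useSalt = clientAuth.use_salt !== undefined ? clientAuth.use_salt : true;
            // Called synchronously, as before; if verifyPassword ever returns a Promise this
            // check must await it, otherwise the Promise object is always truthy.
            const isValidPassword = ClientAuthModel.verifyPassword(
                password, clientAuth.salt, clientAuth.password_hash, useSalt);
            if (!isValidPassword) {
                await logFailure('Invalid credentials');
                return deny('密码无效');
            }
            // NOTE(review): the clientid the broker reports is not compared with
            // clientAuth.clientid (the previous version did not either); decide whether a
            // username may connect under any client id before tightening this.
            await ClientAuthModel.logAuthEvent(clientAuth.clientid, username, 'connect', 'success',
                '常规密码认证成功', req.ip);
            res.status(200).json({ result: true, is_superuser: clientAuth.is_superuser === true, acl: [] });
        } catch (error) {
            console.error('MQTT密码认证失败:', error);
            res.status(200).json({ result: false, reason: '认证服务内部错误' });
        }
    }

    /** Status and device-type breakdowns, fetched in parallel. */
    static async getClientAuthStats(req, res) {
        try {
            const [statusStats, deviceTypeStats] = await Promise.all([
                ClientAuthModel.getStatusStats(),
                ClientAuthModel.getDeviceTypeStats(),
            ]);
            res.status(200).json({
                success: true,
                data: { status: statusStats, deviceType: deviceTypeStats },
                message: '获取客户端认证统计信息成功',
            });
        } catch (error) {
            fail(res, '获取客户端认证统计信息失败', error);
        }
    }

    /** List authentication methods. */
    static async getAuthMethods(req, res) {
        try {
            const methods = await ClientAuthModel.getAuthMethods();
            res.status(200).json({ success: true, data: methods });
        } catch (error) {
            fail(res, '获取认证方法失败', error);
        }
    }

    /** Fetch one authentication method by numeric `:id`. */
    static async getAuthMethodById(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const method = await ClientAuthModel.getAuthMethodById(id);
            if (!method) return notFound(res, '认证方法不存在');
            res.status(200).json({ success: true, data: method });
        } catch (error) {
            fail(res, '获取认证方法失败', error);
        }
    }

    /** Create an authentication method; `config` is stored JSON-serialised. */
    static async createAuthMethod(req, res) {
        try {
            const { method_name, method_type, config, is_active } = req.body || {};
            if (!method_name || !method_type || !config) {
                return badRequest(res, '方法名称、类型和配置为必填项');
            }
            if (await ClientAuthModel.getAuthMethodByName(method_name)) {
                return badRequest(res, '认证方法名称已存在');
            }
            const newMethod = await ClientAuthModel.createAuthMethod({
                method_name,
                method_type,
                config: JSON.stringify(config),
                is_active: is_active !== undefined ? is_active : true,
            });
            res.status(201).json({ success: true, message: '认证方法创建成功', data: newMethod });
        } catch (error) {
            fail(res, '创建认证方法失败', error);
        }
    }

    /** Update an authentication method; only AUTH_METHOD_FIELDS are forwarded. */
    static async updateAuthMethod(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const updateData = pickFields(req.body, AUTH_METHOD_FIELDS);
            if (Object.keys(updateData).length === 0) return badRequest(res, '没有可更新的字段');
            if (updateData.config) updateData.config = JSON.stringify(updateData.config);
            const updated = await ClientAuthModel.updateAuthMethod(id, updateData);
            if (!updated) return notFound(res, '认证方法不存在');
            res.status(200).json({ success: true, message: '认证方法更新成功', data: updated });
        } catch (error) {
            fail(res, '更新认证方法失败', error);
        }
    }

    /** Delete an authentication method by numeric `:id`. */
    static async deleteAuthMethod(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const success = await ClientAuthModel.deleteAuthMethod(id);
            if (!success) return notFound(res, '认证方法不存在');
            res.status(200).json({ success: true, message: '认证方法删除成功' });
        } catch (error) {
            fail(res, '删除认证方法失败', error);
        }
    }

    /** List authentication policies. */
    static async getAuthPolicies(req, res) {
        try {
            const policies = await ClientAuthModel.getAuthPolicies();
            res.status(200).json({ success: true, data: policies });
        } catch (error) {
            fail(res, '获取认证策略失败', error);
        }
    }

    /** Fetch one authentication policy by numeric `:id`. */
    static async getAuthPolicyById(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const policy = await ClientAuthModel.getAuthPolicyById(id);
            if (!policy) return notFound(res, '认证策略不存在');
            res.status(200).json({ success: true, data: policy });
        } catch (error) {
            fail(res, '获取认证策略失败', error);
        }
    }

    /** Create an authentication policy; `conditions` and `actions` are stored JSON-serialised. */
    static async createAuthPolicy(req, res) {
        try {
            const { policy_name, priority, conditions, actions, is_active, description } = req.body || {};
            if (!policy_name || priority === undefined || !conditions || !actions) {
                return badRequest(res, '策略名称、优先级、条件和操作为必填项');
            }
            const newPolicy = await ClientAuthModel.createAuthPolicy({
                policy_name,
                priority,
                conditions: JSON.stringify(conditions),
                actions: JSON.stringify(actions),
                is_active: is_active !== undefined ? is_active : true,
                description,
            });
            res.status(201).json({ success: true, message: '认证策略创建成功', data: newPolicy });
        } catch (error) {
            fail(res, '创建认证策略失败', error);
        }
    }

    /** Update an authentication policy; only AUTH_POLICY_FIELDS are forwarded. */
    static async updateAuthPolicy(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const updateData = pickFields(req.body, AUTH_POLICY_FIELDS);
            if (Object.keys(updateData).length === 0) return badRequest(res, '没有可更新的字段');
            if (updateData.conditions) updateData.conditions = JSON.stringify(updateData.conditions);
            if (updateData.actions) updateData.actions = JSON.stringify(updateData.actions);
            const updated = await ClientAuthModel.updateAuthPolicy(id, updateData);
            if (!updated) return notFound(res, '认证策略不存在');
            res.status(200).json({ success: true, message: '认证策略更新成功', data: updated });
        } catch (error) {
            fail(res, '更新认证策略失败', error);
        }
    }

    /** Delete an authentication policy by numeric `:id`. */
    static async deleteAuthPolicy(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const success = await ClientAuthModel.deleteAuthPolicy(id);
            if (!success) return notFound(res, '认证策略不存在');
            res.status(200).json({ success: true, message: '认证策略删除成功' });
        } catch (error) {
            fail(res, '删除认证策略失败', error);
        }
    }

    /** List the tokens belonging to `:clientid`. */
    static async getClientTokens(req, res) {
        try {
            const clientid = toStr(req.params.clientid);
            if (!clientid) return badRequest(res, '客户端ID为必填项');
            const tokens = await ClientAuthModel.getClientTokens(clientid);
            res.status(200).json({ success: true, data: tokens });
        } catch (error) {
            fail(res, '获取客户端令牌失败', error);
        }
    }

    /** Create a client token; `expires_at` must parse as a valid date. */
    static async createClientToken(req, res) {
        try {
            const { clientid, token_type, token_value, expires_at } = req.body || {};
            if (!clientid || !token_type || !token_value || !expires_at) {
                return badRequest(res, '客户端ID、令牌类型、令牌值和过期时间为必填项');
            }
            const expiresAt = parseDate(expires_at);
            if (expiresAt === null) return badRequest(res, '无效的过期时间');
            // NOTE(review): token_value is handed to the model verbatim and the created row
            // is echoed back; confirm the model stores a hash rather than the raw secret.
            const newToken = await ClientAuthModel.createClientToken({
                clientid,
                token_type,
                token_value,
                expires_at: expiresAt,
                status: 'active',
            });
            await ClientAuthModel.logAuthEvent(clientid, '', 'connect', 'success', 'Client token created',
                req.ip, undefined, token_type, undefined);
            res.status(201).json({ success: true, message: '客户端令牌创建成功', data: newToken });
        } catch (error) {
            fail(res, '创建客户端令牌失败', error);
        }
    }

    /** Update a client token; only CLIENT_TOKEN_FIELDS are forwarded. */
    static async updateClientToken(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const updateData = pickFields(req.body, CLIENT_TOKEN_FIELDS);
            if (Object.keys(updateData).length === 0) return badRequest(res, '没有可更新的字段');
            if (updateData.expires_at) {
                const expiresAt = parseDate(updateData.expires_at);
                if (expiresAt === null) return badRequest(res, '无效的过期时间');
                updateData.expires_at = expiresAt;
            }
            const updated = await ClientAuthModel.updateClientToken(id, updateData);
            if (!updated) return notFound(res, '客户端令牌不存在');
            await ClientAuthModel.logAuthEvent(updated.clientid, '', 'connect', 'success', 'Client token updated',
                req.ip, undefined, updated.token_type, undefined);
            res.status(200).json({ success: true, message: '客户端令牌更新成功', data: updated });
        } catch (error) {
            fail(res, '更新客户端令牌失败', error);
        }
    }

    /**
     * Delete a client token by numeric `:id`. The model's delete already reports whether
     * a row existed, so the former `getClientTokens('')` scan plus find() is not needed.
     */
    static async deleteClientToken(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const success = await ClientAuthModel.deleteClientToken(id);
            if (!success) return notFound(res, '客户端令牌不存在');
            res.status(200).json({ success: true, message: '客户端令牌删除成功' });
        } catch (error) {
            fail(res, '删除客户端令牌失败', error);
        }
    }

    /** List the certificates belonging to `:clientid`. */
    static async getClientCertificates(req, res) {
        try {
            const clientid = toStr(req.params.clientid);
            if (!clientid) return badRequest(res, '客户端ID为必填项');
            const certificates = await ClientAuthModel.getClientCertificates(clientid);
            res.status(200).json({ success: true, data: certificates });
        } catch (error) {
            fail(res, '获取客户端证书失败', error);
        }
    }

    /** Register a client certificate; `expires_at` must parse as a valid date. */
    static async createClientCertificate(req, res) {
        try {
            const { clientid, certificate_pem, fingerprint, expires_at } = req.body || {};
            if (!clientid || !certificate_pem || !fingerprint || !expires_at) {
                return badRequest(res, '客户端ID、证书PEM、指纹和过期时间为必填项');
            }
            const expiresAt = parseDate(expires_at);
            if (expiresAt === null) return badRequest(res, '无效的过期时间');
            // NOTE(review): the fingerprint is taken from the body rather than derived from
            // certificate_pem, so the two are not guaranteed to match — verify in the model.
            const newCertificate = await ClientAuthModel.createClientCertificate({
                clientid,
                certificate_pem,
                fingerprint,
                expires_at: expiresAt,
                status: 'active',
            });
            await ClientAuthModel.logAuthEvent(clientid, '', 'connect', 'success', 'Client certificate created',
                req.ip, undefined, 'certificate', undefined);
            res.status(201).json({ success: true, message: '客户端证书创建成功', data: newCertificate });
        } catch (error) {
            fail(res, '创建客户端证书失败', error);
        }
    }

    /** Update a client certificate; only CLIENT_CERTIFICATE_FIELDS are forwarded. */
    static async updateClientCertificate(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const updateData = pickFields(req.body, CLIENT_CERTIFICATE_FIELDS);
            if (Object.keys(updateData).length === 0) return badRequest(res, '没有可更新的字段');
            if (updateData.expires_at) {
                const expiresAt = parseDate(updateData.expires_at);
                if (expiresAt === null) return badRequest(res, '无效的过期时间');
                updateData.expires_at = expiresAt;
            }
            const updated = await ClientAuthModel.updateClientCertificate(id, updateData);
            if (!updated) return notFound(res, '客户端证书不存在');
            await ClientAuthModel.logAuthEvent(updated.clientid, '', 'connect', 'success', 'Client certificate updated',
                req.ip, undefined, 'certificate', undefined);
            res.status(200).json({ success: true, message: '客户端证书更新成功', data: updated });
        } catch (error) {
            fail(res, '更新客户端证书失败', error);
        }
    }

    /**
     * Delete a client certificate by numeric `:id`. As with tokens, the model's delete
     * result is the existence check; the former `getClientCertificates('')` scan is gone.
     */
    static async deleteClientCertificate(req, res) {
        try {
            const id = parseId(req.params.id);
            if (id === null) return rejectInvalidId(res);
            const success = await ClientAuthModel.deleteClientCertificate(id);
            if (!success) return notFound(res, '客户端证书不存在');
            res.status(200).json({ success: true, message: '客户端证书删除成功' });
        } catch (error) {
            fail(res, '删除客户端证书失败', error);
        }
    }
}
exports.ClientAuthController = ClientAuthController;
//# sourceMappingURL=clientAuthController.js.map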