fix: optimize grpc option and fix some interface permission checks (#3327)

* pb

* fix: Modifying other fields while setting IsPrivateChat does not take effect

* fix: quote message error revoke

* refactoring scheduled tasks

* refactoring scheduled tasks

* refactoring scheduled tasks

* refactoring scheduled tasks

* refactoring scheduled tasks

* refactoring scheduled tasks

* upgrading pkg tools

* fix

* fix

* optimize log output

* feat: support GetLastMessage

* feat: support GetLastMessage

* feat: s3 switch

* feat: s3 switch

* fix: GetUsersOnline

* feat: SendBusinessNotification supported configuration parameters

* feat: SendBusinessNotification supported configuration parameters

* feat: SendBusinessNotification supported configuration parameters

* feat: seq conversion failed without exiting

* fix: DeleteDoc crash

* fix: fill send time

* fix: fill send time

* fix: crash caused by withdrawing messages from users who have left the group

* fix: user msg timestamp

* seq read config

* seq read config

* fix: the source message of the reference is withdrawn, and the referenced message is deleted

* feat: optimize the default notification.yml

* fix: shouldPushOffline

* fix: the sorting is wrong after canceling the administrator in group settings

* feat: Sending messages supports returning fields modified by webhook

* feat: Sending messages supports returning fields modified by webhook

* feat: Sending messages supports returning fields modified by webhook

* fix: oss specifies content-type when uploading

* fix: the version number contains a line break

* fix: the version number contains a line break

* feat: GetConversationsHasReadAndMaxSeq support pinned

* feat: GetConversationsHasReadAndMaxSeq support pinned

* feat: GetConversationsHasReadAndMaxSeq support pinned

* fix: transferring the group owner to a muted member, incremental version error

* feat: unified conversion code

* feat: update gomake

* feat: grpc mw

* fix: permission verification

* fix: optimizing the code

* fix: optimize grpc option and fix some interface permission checks

pkg/authverify/token.go

@@ -31,32 +31,49 @@ func Secret(secret string) jwt.Keyfunc {
 	}
 }
 
-func CheckAccessV3(ctx context.Context, ownerUserID string, imAdminUserID []string) (err error) {
-	opUserID := mcontext.GetOpUserID(ctx)
-	if datautil.Contain(opUserID, imAdminUserID...) {
-		return nil
-	}
-	if opUserID == ownerUserID {
-		return nil
-	}
-	return servererrs.ErrNoPermission.WrapMsg("ownerUserID", ownerUserID)
-}
-
-func IsAppManagerUid(ctx context.Context, imAdminUserID []string) bool {
-	return datautil.Contain(mcontext.GetOpUserID(ctx), imAdminUserID...)
-}
-
-func CheckAdmin(ctx context.Context, imAdminUserID []string) error {
-	if datautil.Contain(mcontext.GetOpUserID(ctx), imAdminUserID...) {
+func CheckAdmin(ctx context.Context) error {
+	if IsAdmin(ctx) {
 		return nil
 	}
 	return servererrs.ErrNoPermission.WrapMsg(fmt.Sprintf("user %s is not admin userID", mcontext.GetOpUserID(ctx)))
 }
 
-func IsManagerUserID(opUserID string, imAdminUserID []string) bool {
-	return datautil.Contain(opUserID, imAdminUserID...)
+//func IsManagerUserID(opUserID string, imAdminUserID []string) bool {
+//	return datautil.Contain(opUserID, imAdminUserID...)
+//}
+
+func CheckUserIsAdmin(ctx context.Context, userID string) bool {
+	return datautil.Contain(userID, GetIMAdminUserIDs(ctx)...)
 }
 
 func CheckSystemAccount(ctx context.Context, level int32) bool {
 	return level >= constant.AppAdmin
 }
+
+const (
+	CtxIsAdminKey = "CtxIsAdminKey"
+)
+
+func WithIMAdminUserIDs(ctx context.Context, imAdminUserID []string) context.Context {
+	return context.WithValue(ctx, CtxIsAdminKey, imAdminUserID)
+}
+
+func GetIMAdminUserIDs(ctx context.Context) []string {
+	imAdminUserID, _ := ctx.Value(CtxIsAdminKey).([]string)
+	return imAdminUserID
+}
+
+func IsAdmin(ctx context.Context) bool {
+	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
+}
+
+func CheckAccess(ctx context.Context, ownerUserID string) error {
+	opUserID := mcontext.GetOpUserID(ctx)
+	if opUserID == ownerUserID {
+		return nil
+	}
+	if datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...) {
+		return nil
+	}
+	return servererrs.ErrNoPermission.WrapMsg("ownerUserID", ownerUserID)
+}

pkg/common/startrpc/mw.go

@@ -0,0 +1,15 @@
+package startrpc
+
+import (
+	"context"
+
+	"github.com/openimsdk/open-im-server/v3/pkg/authverify"
+	"google.golang.org/grpc"
+)
+
+func grpcServerIMAdminUserID(imAdminUserID []string) grpc.ServerOption {
+	return grpc.ChainUnaryInterceptor(func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp any, err error) {
+		ctx = authverify.WithIMAdminUserIDs(ctx, imAdminUserID)
+		return handler(ctx, req)
+	})
+}

pkg/common/startrpc/start.go

@@ -37,7 +37,8 @@ import (
 	"github.com/openimsdk/tools/discovery"
 	"github.com/openimsdk/tools/errs"
 	"github.com/openimsdk/tools/log"
-	"github.com/openimsdk/tools/mw"
+	grpccli "github.com/openimsdk/tools/mw/grpc/client"
+	grpcsrv "github.com/openimsdk/tools/mw/grpc/server"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )
@@ -76,6 +77,34 @@ func getConfigRpcMaxRequestBody(value reflect.Value) *conf.MaxRequestBody {
 	return nil
 }
 
+func getConfigShare(value reflect.Value) *conf.Share {
+	for value.Kind() == reflect.Pointer {
+		value = value.Elem()
+	}
+	if value.Kind() == reflect.Struct {
+		num := value.NumField()
+		for i := 0; i < num; i++ {
+			field := value.Field(i)
+			if !field.CanInterface() {
+				continue
+			}
+			for field.Kind() == reflect.Pointer {
+				field = field.Elem()
+			}
+			switch elem := field.Interface().(type) {
+			case conf.Share:
+				return &elem
+			}
+			if field.Kind() == reflect.Struct {
+				if elem := getConfigShare(field); elem != nil {
+					return elem
+				}
+			}
+		}
+	}
+	return nil
+}
+
 func Start[T any](ctx context.Context, disc *conf.Discovery, prometheusConfig *conf.Prometheus, listenIP,
 	registerIP string, autoSetPorts bool, rpcPorts []int, index int, rpcRegisterName string, notification *conf.Notification, config T,
 	watchConfigNames []string, watchServiceNames []string,
@@ -87,12 +116,20 @@ func Start[T any](ctx context.Context, disc *conf.Discovery, prometheusConfig *c
 	}
 
 	maxRequestBody := getConfigRpcMaxRequestBody(reflect.ValueOf(config))
+	shareConfig := getConfigShare(reflect.ValueOf(config))
 
 	log.ZDebug(ctx, "rpc start", "rpcMaxRequestBody", maxRequestBody, "rpcRegisterName", rpcRegisterName, "registerIP", registerIP, "listenIP", listenIP)
 
 	options = append(options,
-		mw.GrpcServer(),
+		grpcsrv.GrpcServerMetadataContext(),
+		grpcsrv.GrpcServerLogger(),
+		grpcsrv.GrpcServerErrorConvert(),
+		grpcsrv.GrpcServerRequestValidate(),
+		grpcsrv.GrpcServerPanicCapture(),
 	)
+	if shareConfig != nil && len(shareConfig.IMAdminUserID) > 0 {
+		options = append(options, grpcServerIMAdminUserID(shareConfig.IMAdminUserID))
+	}
 	var clientOptions []grpc.DialOption
 	if maxRequestBody != nil {
 		if maxRequestBody.RequestMaxBodySize > 0 {
@@ -129,8 +166,12 @@ func Start[T any](ctx context.Context, disc *conf.Discovery, prometheusConfig *c
 
 	defer client.Close()
 	client.AddOption(
-		mw.GrpcClient(), grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
 		grpc.WithDefaultServiceConfig(fmt.Sprintf(`{"LoadBalancingPolicy": "%s"}`, "round_robin")),
+
+		grpccli.GrpcClientLogger(),
+		grpccli.GrpcClientContext(),
+		grpccli.GrpcClientErrorConvert(),
 	)
 	if len(clientOptions) > 0 {
 		client.AddOption(clientOptions...)