in server/service/rbac/account_service.go [41:98]
func CreateAccount(ctx context.Context, a *rbacmodel.Account) error {
quotaErr := quotasvc.ApplyAccount(ctx, 1)
if quotaErr != nil {
return rbacmodel.NewError(rbacmodel.ErrAccountNoQuota, quotaErr.Error())
}
err := validator.ValidateCreateAccount(a)
if err != nil {
log.Error(fmt.Sprintf("create account [%s] failed", a.Name), err)
return discovery.NewError(discovery.ErrInvalidParams, err.Error())
}
if len(a.Status) == 0 {
a.Status = "active"
}
err = a.Check()
if err != nil {
log.Error(fmt.Sprintf("create account [%s] failed", a.Name), err)
return discovery.NewError(discovery.ErrInvalidParams, err.Error())
}
if err = checkRoleNames(ctx, a.Roles); err != nil {
return rbacmodel.NewError(rbacmodel.ErrAccountHasInvalidRole, err.Error())
}
lockKey := "/account-creating/" + a.Name
if err := dlock.TryLock(lockKey, -1); err != nil {
err = fmt.Errorf("account %s is creating, err: %s", a.Name, err.Error())
return discovery.NewError(discovery.ErrInvalidParams, err.Error())
}
defer func() {
if err := dlock.Unlock(lockKey); err != nil {
log.Error("unlock failed", err)
}
}()
a.Password, err = privacy.ScryptPassword(a.Password)
if err != nil {
msg := fmt.Sprintf("failed to hash account pwd, account name %s", a.Name)
log.Error(msg, err)
return err
}
a.Role = ""
a.CurrentPassword = ""
if a.ID == "" {
a.ID = util.GenerateUUID()
}
a.CreateTime = strconv.FormatInt(time.Now().Unix(), 10)
a.UpdateTime = a.CreateTime
err = rbac.Instance().CreateAccount(ctx, a)
if err == nil {
log.Info(fmt.Sprintf("create account [%s] success", a.Name))
return nil
}
log.Error(fmt.Sprintf("create account [%s] failed", a.Name), err)
if err == rbac.ErrAccountDuplicated {
return rbacmodel.NewError(rbacmodel.ErrAccountConflict, err.Error())
}
return err
}