• 返回
  • 最后更新
  • 2020-10-03 22:23:30 +0800 CST

ToughRADIUS 商业版 API — 用户订阅

通过 API 来管理用户订阅, 用户订阅是指创建一个用户账号,并绑定一个策略形成订阅关系, 一个订阅对应一个具体的账号

注意用户账号与策略的关系, 每个订阅账号绑定一个策略, 这里有一个冗余的设计, 当用户创建时, 策略的各个属性会被复制到帐号, 实际认证授权流程中直接读取帐号的策略, 而不是去读取帐号绑定的策略表, 这样做的目的是, 账号可以进行独立的策略定义, 而且对于认证处理流程来说,具有更高的性能(因为避免了去关联查询)

数据结构

id: 唯一ID
realname: 姓名,可选
mobile: 电话,可选
email: 电子邮件,可选
profile_id: 策略ID, 创建时必须,修改时可选
username: 帐号,创建时必须,修改时可选
password: 密码,创建时必须,修改时可选
status: 状态 enabled/disabled, 必要属性
mfa_secret: 多因子认证秘钥, 可选
mfa_status: 是否启用多因子认证 enabled/disabled, 默认 disabled
domain: 认证域, 可选,针对特定设备
mac_addr: MAC地址, 可选
addr_pool: 地址池,可选
active_num: 同时在线限制,创建时必须,修改时可选
ip_addr: 静态IP,可选
vlanid1: 内层VLAN 默认 0
vlanid2: 外层VLAN, 默认 0
bind_mac: 是否绑定MAC 0/1,默认 0
bind_vlan: 是否绑定VLAN 0/1, 默认 0
up_rate: 上行速率,存储为 bps, 创建修改时输入 Mbps,创建时必须,修改时可选
down_rate: 下行速率,存储为 bps,创建修改时输入 Mbps,创建时必须,修改时可选
up_limit_policy: 上行速率策略,可选,针对特定设备
down_limit_policy: 下行速率策略, 可选,针对特定设备
limit_policy: 总体限速策略, 可选,针对特定设备
vpe_ids: 绑定 nas id, 可选
tags: 标签,可选
remark: 备注,可选
expire_time: 过期时间,创建订阅时不需要, 修改时可选
create_time: 创建时间,由系统管理 
update_time: 更新时间,由系统管理

- 查询订阅

GET /bss/subscribe/list?tags=&keyword=

参数通过 url 传递, 通过tags 和 keyword 模糊匹配

请求Header

authorization: Bearer <Api Token>

响应结果

{
  "code": 0,
  "msg": "success",
  "data": [
    {
      "id": "1",
      "tags": "N/A",
      "vpe_ids": "1",
      "profile_id": "1",
      "realname": "testuser",
      "mobile": "N/A",
      "email": "test@toughradius.com",
      "username": "test01",
      "password": "6eBulgLp6dvevOzf3/DmSA==",
      "mfa_secret": "N/A",
      "mfa_status": "disabled",
      "domain": "N/A",
      "addr_pool": "N/A",
      "mac_addr": "N/A",
      "ip_addr": "N/A222",
      "active_num": 10,
      "vlanid1": 0,
      "vlanid2": 0,
      "limit_policy": "N/A",
      "up_limit_policy": "N/A",
      "down_limit_policy": "N/A",
      "up_rate": 0,
      "down_rate": 0,
      "bind_mac": 0,
      "bind_vlan": 0,
      "status": "enabled",
      "remark": "test user",
      "create_time": "2020-09-01 00:00:00",
      "expire_time": "2040-09-01 00:00:00",
      "update_time": "2020-09-09 20:21:22"
    }
  ]
}

- 根据ID查询单个帐号

GET /bss/subscribe/get?id=1

请求Header

authorization: Bearer <Api Token>

响应结果

{
  "code": 0,
  "msgtype": "info",
  "msg": "Operation Success",
  "data": {
    "id": "1",
    "tags": "N/A",
    "vpe_ids": "",
    "profile_id": "1",
    "realname": "testuser",
    "mobile": "N/A",
    "email": "test@toughradius.com",
    "username": "test01",
    "password": "888888",
    "mfa_secret": "N/A",
    "mfa_status": "disabled",
    "domain": "N/A",
    "addr_pool": "N/A",
    "mac_addr": "N/A",
    "ip_addr": "N/A",
    "active_num": 10,
    "vlanid1": 0,
    "vlanid2": 0,
    "limit_policy": "N/A",
    "up_limit_policy": "N/A",
    "down_limit_policy": "N/A",
    "up_rate": 102400,
    "down_rate": 102400,
    "bind_mac": 0,
    "bind_vlan": 0,
    "status": "enabled",
    "remark": "test user",
    "create_time": "2020-09-01 00:00:00",
    "expire_time": "2021-09-01 00:00:00",
    "update_time": "2020-09-01 00:00:00"
  }
}

- 创建订阅

POST /bss/subscribe/add

请求Header

authorization: Bearer <Api Token>
content-type: application/x-www-form-urlencoded

请求参数

status=enabled
realname=myname
mobile=N/A
email=N/A
profile_id=1
username=testuser
password=123456
tags=N/A
remark=test
active_num=1
addr_pool=N/A
up_rate=10
down_rate=10
...

响应结果

{ "code":0, "msg": "Success", data: { "id": "...", "expire_time": "..." } }

返回记录唯一ID, 和过期时间

- 批量创建

POST https://localhost:1816/bss/subscribe/add/batch

请求Header

authorization: Bearer <Api Token>
Content-Type: application/json

请求 Body

[
  {
    "username": "test011",
    "password": "888888",
    "profile_id": "1"
  },
  {
    "username": "test022",
    "password": "888888",
    "profile_id": "1"
  }
]

响应结果

{
  "code": 0,
  "msg": "Operation Success",
  "data": [
    {
      "expire_time": "2020-09-15 15:31:59",
      "id": "1305408940892557312"
    },
    {
      "expire_time": "2020-09-15 15:31:59",
      "id": "1305408940892557313"
    }
  ]
}

批量创建是一个独立的数据库事务, 要么全部成功, 要么全部失败

- 修改订阅

POST /bss/subscribe/update

请求Header

authorization: Bearer <Api Token>
content-type: application/x-www-form-urlencoded

请求参数

id=1
status=enabled
realname=myname
mobile=N/A
email=N/A
profile_id=1
username=testuser
password=123456
tags=N/A
remark=test
active_num=1
addr_pool=N/A
up_rate=10
down_rate=10
...

id 必选, 其他需要修改的值选择发送, 空值将被忽略

响应结果

{ "code": 0, "msg": "Success" }

- 批量修改

POST https://localhost:1816/bss/subscribe/update/batch

请求Header

authorization: Bearer <Api Token>
Content-Type: application/json

请求 Body

[
  {
    "username": "test0111",
    "up_rate": 100
  },
  {
    "username": "test0222",
    "up_rate": 100
  }
]

响应结果

{
  "code": 0,
  "msgtype": "info",
  "msg": "Operation Success",
  "data": {
    "test0111": "Success",
    "test0222": "Success"
  }
}

响应结果包含了每条记录的修改状态

- 删除订阅

GET /bss/subscribe/delete?ids=1303594346607874048

参数直接通过url参数ids传递,支持多个id,英文逗号分割

请求Header

authorization: Bearer <Api Token>

响应结果

{ "code": 0, "msg": "Success" }