CN110363026A - File operation method, apparatus, device, system, and computer-readable storage medium - Google Patents
- Publication number: CN110363026A (application CN201910658649.5A)
- Authority: CN (China)
- Prior art keywords: file, target, user, request, information
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F16/16—File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F16/164—File meta data generation
- G06F16/172—Caching, prefetching or hoarding of files
- G06F21/31—User authentication
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Abstract
The invention relates to the technical field of financial technology and discloses a file operation method, apparatus, device, system and computer-readable storage medium. The file operation method includes: when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request; performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation; when both the identity verification and the operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule; and obtaining superuser privileges through the target remote file service and, based on the superuser privileges, invoking the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path. The invention can improve the controllability of user permission management and the security of file system access operations.
Description
Technical field
The present invention relates to the technical field of financial technology (Fintech), and in particular to a file operation method, apparatus, device, system and computer-readable storage medium.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence, etc.) are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). However, the security and real-time requirements of the financial industry also place higher demands on the technology.
In a computer, a file system is the system that names files and organizes their logical storage and retrieval. At present, many services of financial institutions such as banks need to access various file systems to perform file operations. Correspondingly, each file system provides an API (Application Programming Interface) that lets users perform file-related operations such as creating, deleting, reading and writing. The APIs provided by file systems such as the local file system and HDFS (Hadoop Distributed File System) generally only let a user access and operate on the user's own files; they cannot be used to access and operate on all users' files within a single process service. Only a service started with superuser privileges has permissions over all files. However, enabling superuser privileges for every user gives every user operation permissions on all files, which makes user permissions uncontrollable and lowers the security of file system access operations.
Summary of the invention
The main purpose of the present invention is to provide a file operation method, apparatus, device, system and computer-readable storage medium, aiming to improve the controllability of user permission management and the security of file system access operations.
To achieve the above object, the present invention provides a file operation method, which includes:
when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request;
performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
when both the identity verification and the operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule;
obtaining superuser privileges through the target remote file service and, based on the superuser privileges, invoking the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
Optionally, the user information includes user account information, Token information and Internet Protocol (IP) information, and the step of performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation includes:
obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and checking whether the IP information is in a preset IP whitelist, so as to verify the user's identity;
obtaining the user's operation permission information according to the user account information, and verifying the user's operation permission according to the target file storage path, the target operation and the operation permission information.
Optionally, the step of determining the target remote file service according to the target file storage path and the preset rule includes:
determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
Optionally, the file operation method further includes:
periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;
checking whether every value in the second request quantity is greater than a first preset threshold;
if every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
Optionally, after the step of periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity, the method further includes:
checking whether the second request quantity contains a value smaller than a second preset threshold;
if so, stopping the remote file service corresponding to each value smaller than the second preset threshold.
Optionally, the file operation method further includes:
after the operation has been executed, generating the corresponding operation execution result and returning it to the client corresponding to the file operation request.
In addition, to achieve the above object, the present invention also provides a file operation apparatus, which includes:
a first obtaining module, configured to obtain user information, a target file storage path and a target operation according to a file operation request when the file operation request is received;
a user verification module, configured to perform identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
a service determination module, configured to determine a target remote file service according to the target file storage path and a preset rule when both the identity verification and the operation permission verification pass;
an operation execution module, configured to obtain superuser privileges through the target remote file service and, based on the superuser privileges, invoke the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
In addition, to achieve the above object, the present invention also provides a file operation device, which includes a memory, a processor, and a file operation program stored in the memory and executable on the processor; when the file operation program is executed by the processor, the steps of the file operation method described above are implemented.
In addition, to achieve the above object, the present invention also provides a file operation system, which includes a file operation device and a client, wherein:
the file operation device is the file operation device described above;
the client is configured to receive a file system object query request triggered by the user and obtain the file system type and proxy user information carried in the request; to obtain the proxied file system object according to the file system type and the proxy user information and display it; and to receive a file operation request triggered by the user based on the proxied file system object and send the file operation request to the file operation device.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which a file operation program is stored; when the file operation program is executed by a processor, the steps of the file operation method described above are implemented.
The present invention provides a file operation method, apparatus, device, system and computer-readable storage medium. When a file operation request sent by the client is received, the user information, target file storage path and target operation are obtained according to the request, and identity verification and operation permission verification are then performed on the user based on that user information, target file storage path and target operation. When both verifications pass, the target remote file service is first determined according to the target file storage path and a preset rule; superuser privileges are then obtained through the target remote file service, and, based on the superuser privileges, the target operation method corresponding to the target operation is invoked to perform the target operation on the target file corresponding to the target file storage path. In this way, the invention only needs to verify the user's identity and operation permission; once both verifications pass, superuser privileges can be obtained to operate on the files of the proxy user (i.e. another user). Compared with the prior art, the invention does not need to enable superuser privileges for each user, can achieve fully controllable user permission management, and can improve the security of access operations on different file systems.
Brief description of the drawings
FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in the embodiments of the present invention;
FIG. 2 is a schematic flowchart of the first embodiment of the file operation method of the present invention;
FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation apparatus of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described below in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it.
Referring to FIG. 1, FIG. 1 is a schematic diagram of the device structure of the hardware operating environment involved in the embodiments of the present invention.
The file operation device in the embodiments of the present invention may be a smartphone, or a terminal device such as a PC (Personal Computer), a tablet computer or a portable computer.
As shown in FIG. 1, the file operation device may include a processor 1001 (for example a CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 is used for connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory such as a disk memory. Optionally, the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the structure shown in FIG. 1 does not limit the file operation device, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
As shown in FIG. 1, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module and a file operation program.
In the terminal shown in FIG. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client and exchange data with it; and the processor 1001 may be used to call the file operation program stored in the memory 1005 and perform the following operations:
when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request;
performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
when both the identity verification and the operation permission verification pass, determining a target remote file service according to the target file storage path and a preset rule;
obtaining superuser privileges through the target remote file service and, based on the superuser privileges, invoking the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
Further, the user information includes user account information, Token information and Internet Protocol (IP) information, and the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and checking whether the IP information is in a preset IP whitelist, so as to verify the user's identity;
obtaining the user's operation permission information according to the user account information, and verifying the user's operation permission according to the target file storage path, the target operation and the operation permission information.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
determining the target file system according to the target file storage path, and obtaining the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
determining the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
periodically obtaining the current number of requests under each started remote file service, recorded as the second request quantity;
checking whether every value in the second request quantity is greater than a first preset threshold;
if every value in the second request quantity is greater than the first preset threshold, starting a new remote file service.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
checking whether the second request quantity contains a value smaller than a second preset threshold;
if so, stopping the remote file service corresponding to each value smaller than the second preset threshold.
Further, the processor 1001 may call the file operation program stored in the memory 1005 and also perform the following operations:
after the operation has been executed, generating the corresponding operation execution result and returning it to the client corresponding to the file operation request.
Based on the above hardware structure, the embodiments of the file operation method of the present invention are proposed.
The present invention provides a file operation method.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of the first embodiment of the file operation method of the present invention.
In this embodiment, the file operation method includes:
Step S10: when a file operation request is received, obtaining user information, a target file storage path and a target operation according to the file operation request;
The file operation method of this embodiment is implemented by a file operation device, described here taking a server as an example. The device hosts an engine manager service (IO-EM, Input/Output-Engine Manager) and remote file services (IO-Engine), and provides a compatible API (Application Programming Interface) for receiving file operation requests sent by the client. The IO-EM receives the file operation request triggered by the user and obtains the user information, target file storage path and target operation from it, and then performs identity verification and operation permission verification on the user. It also monitors the load of each remote file service IO-Engine in order to determine the target remote file service, controls the starting and stopping of IO-Engines according to their load, and receives the operation execution result sent by an IO-Engine and returns it to the client. The remote file service IO-Engine obtains the superuser privileges of the file system and, based on those privileges, invokes the file operation method corresponding to the obtained target operation to operate on the target file in the target file system; it also generates the corresponding operation execution result and sends it to the IO-EM. It should be noted that an IO-Engine corresponds to a type of file system. File systems may include the local file system (local), the distributed file system (HDFS) and other types of file system, and each type of file system may have multiple corresponding IO-Engines. Through this file operation device, remote access operations on multiple types of file system can be realized.
In this embodiment, the server receives, through the IO-EM, the file operation request sent remotely by the client via the compatible API. When the IO-EM receives the file operation request sent by the client, the user information, target file storage path and target operation are obtained according to the request. The user information may include, but is not limited to, account information, Token information and IP (Internet Protocol) information.
Step S20: performing identity verification and operation permission verification on the user based on the user information, the target file storage path and the target operation;
After the user information, target file storage path and target operation have been obtained, the IO-EM in the server performs identity verification and operation permission verification on the user based on them. The user information includes user account information, Token information and IP (Internet Protocol) information. The user account information is the user's account name. The Token information may be a fixed Token code assigned to the user in advance, or a random Token code generated in real time by a Token generating device assigned to the user. The IP information is the IP address of the client. Step S20 includes:
Step a1: obtaining the verification Token corresponding to the user account information, comparing the Token information with the verification Token, and checking whether the IP information is in a preset IP whitelist, so as to verify the user's identity;
For identity verification, the verification Token corresponding to the user account information is obtained first. Correspondingly, the verification Token may be the pre-stored fixed Token code assigned to the user, or the random Token code sent synchronously by the Token generating device. The Token information is then compared with the verification Token, and the IP information is checked against the preset IP whitelist, so as to verify the user's identity. If the Token information is the same as the verification Token and the IP information is in the preset IP whitelist, identity verification passes. If the Token information differs from the verification Token and/or the IP information is not in the preset IP whitelist, identity verification fails. It should be noted that, in specific embodiments, the user's identity may be verified based on only one of the Token information and the IP information, and it may of course also be verified based on other information.
Step a2: obtaining the user's operation permission information according to the user account information, and verifying the user's operation permission according to the target file storage path, the target operation and the operation permission information.
For operation permission verification, the user's operation permission information is first obtained according to the user account information. The operation permission information may specify which operations the user is permitted to perform on which files (folders), in which file systems, belonging to which other users (proxy users). Specifically, a mapping between user account information and operation permission information can be set in advance, and the user's operation permission information is then obtained from the user account information and this preset mapping.
Then, whether the user has the corresponding operation permission is determined according to the target file storage path, the target operation and the operation permission information, so as to verify the user's operation permission. Specifically, it can be checked whether the target file storage path and the target operation fall within the permission scope given by the operation permission information; if they do, operation permission verification passes, and if they do not, it fails. The target file storage path corresponds to a target proxy user, a target file system and a target file (folder); that is, the corresponding target proxy user, target file system and target file (folder) can be determined from the target file storage path, and whether the user has the corresponding operation permission is then determined from the target file storage path, the target operation and the operation permission information. It should be noted that, in practice, the types of information needed to decide whether the user has operation permission depend on the types of information that the operation permission information actually restricts. For example, if the operation permission information only restricts the proxy users, file systems and files (folders) that may be operated on, and does not restrict the target operation, then whether the user has operation permission can be determined from the target file storage path and the operation permission information alone.
In addition, it should be noted that, in specific embodiments, steps a1 and a2 may be executed in either order. It will be understood that when either of steps a1 and a2 is executed and the verification fails, the other step need not be executed. For example, if identity verification is performed first and fails, there is no need to go on to operation permission verification; in that case the corresponding prompt information can be generated directly and sent to the client to inform the user that verification failed.
当然,可以理解的是,管理人员也可以根据实际需要对相应的安全验证规则进行个性化配置,例如,只进行身份验证或操作权限验证,或采用其他的安全验证方式。Of course, it is understandable that managers can also personalize the corresponding security verification rules according to actual needs, for example, only perform identity verification or operation authority verification, or use other security verification methods.
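The verification gate of steps a1 and a2, as an added Python example that is not code from the patent. The account, Token, whitelist and grant values are constructed, and the path layout `/<file_system>/<proxy_user>/<path>`, the `Grant` structure and all function names are assumptions made for illustration. It compares Tokens in constant time and normalizes the target path before the scope check, so a `..` segment cannot reach outside a granted folder.

```python
import hmac
import ipaddress
import posixpath
from dataclasses import dataclass

# Constructed sample data; every name and value here is an assumption.
VERIFICATION_TOKENS = {"u1001": "tok-7f3a9c"}           # account -> verification Token
IP_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/16")]   # preset IP whitelist


@dataclass(frozen=True)
class Grant:
    file_system: str                      # e.g. "hdfs" or "local"
    proxy_user: str                       # owner of the files being operated on
    path_prefix: str                      # folder covered by the grant
    operations: frozenset = frozenset()   # empty = operation is not constrained


PERMISSIONS = {   # preset mapping: account -> operation permission information
    "u1001": [Grant("hdfs", "etl_owner", "/reports", frozenset({"read", "size"}))],
}


def verify_identity(account, token, ip):
    """Step a1: Token comparison plus IP whitelist check."""
    expected = VERIFICATION_TOKENS.get(account)
    if expected is None:
        return False
    # Constant-time comparison, so response timing does not reveal how much
    # of a guessed Token was correct.
    token_ok = hmac.compare_digest(expected.encode(), token.encode())
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return token_ok and any(addr in net for net in IP_ALLOWLIST)


def resolve_target(path):
    """Map a target file storage path to (file system, proxy user, file path).

    Assumed layout: /<file_system>/<proxy_user>/<path inside that user's tree>.
    """
    parts = path.split("/", 3)
    if len(parts) != 4 or parts[0] != "" or not parts[1] or not parts[2]:
        raise ValueError("malformed target path")
    # Normalize first, so "/reports/../secrets" is judged as "/secrets".
    inner = posixpath.normpath("/" + parts[3].lstrip("/"))
    return parts[1], parts[2], inner


def verify_permission(account, path, operation):
    """Step a2: is (path, operation) inside the scope granted to the account?"""
    try:
        file_system, proxy_user, inner = resolve_target(path)
    except ValueError:
        return False
    for g in PERMISSIONS.get(account, []):
        prefix = g.path_prefix.rstrip("/")
        in_scope = (
            g.file_system == file_system
            and g.proxy_user == proxy_user
            # Match on a folder boundary: "/reports" must not cover "/reports_old".
            and (inner == g.path_prefix or inner.startswith(prefix + "/"))
        )
        if in_scope and (not g.operations or operation in g.operations):
            return True
    return False


def check_request(account, token, ip, path, operation):
    """Run a1, then a2; a2 is skipped when a1 has already failed."""
    if not verify_identity(account, token, ip):
        return (False, "identity verification failed")
    if not verify_permission(account, path, operation):
        return (False, "operation permission verification failed")
    return (True, "ok")
```
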
Step S30: when both identity verification and operation permission verification pass, determine the target remote file service according to the target file storage path and a preset rule;
When both identity verification and operation permission verification pass, the IO-EM in the server determines the target remote file service according to the target file storage path and the preset rule. Specifically, the step of "determining the target remote file service according to the target file storage path and a preset rule" includes:
Step b1: determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
Step b2: determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
When there are multiple file system types, the target file system is first determined according to the target file storage path, and the number of requests under each started remote file service corresponding to the target file system is obtained. For ease of distinction and subsequent description, the number of requests under each started remote file service (IO-Engine) corresponding to the target file system is recorded as the first request quantity; because there are multiple IO-Engines, the first request quantity likewise comprises multiple values. Then, to achieve load balancing, the remote file service (IO-Engine) corresponding to the smallest value in the first request quantity is determined as the target remote file service.
Step S40: obtain superuser privileges through the target remote file service, and, based on the superuser privileges, invoke the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
After the target remote file service has been determined, superuser privileges can be obtained through it, and, based on the superuser privileges, the target operation method corresponding to the target operation is invoked to perform the target operation on the target file corresponding to the target file storage path. Specifically, at the underlying level, after the IO-EM has determined the target remote file service, the target IO-Engine can be started by the superuser (that is, started after logging in with the superuser account), and the file operation request is sent to the target remote file service (target IO-Engine), so that the target IO-Engine obtains superuser privileges. The target IO-Engine can then, based on the superuser privileges, invoke the target operation method corresponding to the target operation and perform the target operation on the target file corresponding to the target file storage path.
In the file operation processes of financial institutions such as banks, the present invention, after obtaining the user information, the target file storage path, and the target operation, first performs identity verification and operation permission verification on the user. After verification passes, it determines the target remote file service, obtains superuser privileges through the target remote file service, and, based on the superuser privileges, invokes the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path. There is no need to enable superuser privileges for each user of the enterprise, so enterprise user permission management can be made fully controllable, that is, the controllability of enterprise user permissions is improved; at the same time, the security of file system operations and access can also be improved.
An embodiment of the present invention provides a file operation method. When a file operation request sent by a client is received, the user information, target file storage path, and target operation are obtained from the request; identity verification and operation permission verification are then performed on the user based on the obtained user information, target file storage path, and target operation. When both identity verification and operation permission verification pass, the target remote file service is first determined according to the target file storage path and a preset rule; superuser privileges are then obtained through the target remote file service and, based on the superuser privileges, the target operation method corresponding to the target operation is invoked to perform the target operation on the target file corresponding to the target file storage path. In this way, the embodiment only needs to perform identity verification and operation permission verification on the user; once both pass, superuser privileges can be obtained to operate on the files of the proxy user (that is, another user). Compared with the prior art, the embodiment does not need to enable superuser privileges for each user, makes user permission management fully controllable, and can improve the security of operations on and access to different file systems.
Further, based on the first embodiment shown in FIG. 2, a second embodiment of the file operation method of the present invention is proposed.
In this embodiment, the file operation method further includes:
Step A: periodically obtain the current number of requests under each started remote file service, recorded as the second request quantity;
In this embodiment, the server can monitor the load of each remote file service (IO-Engine) through the engine manager (IO-EM) and control the starting and stopping of IO-Engines according to the load, so as to achieve load balancing. Specifically, the IO-EM can periodically obtain the current number of requests under each started remote file service; for ease of distinction and subsequent description, the current number of requests obtained for each started remote file service is recorded as the second request quantity. The current number of requests under a remote file service is the number of file operation requests that the remote file service needs to process. The period may be set to once every 3 hours; of course, it may also be set according to actual needs and is not specifically limited here. Because there are multiple remote file services, the second request quantity likewise comprises multiple values.
Step B: detect whether every value in the second request quantity is greater than a first preset threshold;
After the second request quantity has been obtained, it is detected whether every value in the second request quantity is greater than the first preset threshold. The first preset threshold may be set to 10; of course, it may also be set according to actual needs and is not specifically limited here.
Step C: if every value in the second request quantity is greater than the first preset threshold, start a new remote file service.
If every value in the second request quantity is greater than the first preset threshold, all IO-Engines are overloaded, and a new remote file service (IO-Engine) is started.
It should be noted that each remote file service (IO-Engine) corresponds to a type of file system. For example, the file systems may include a local file system (local), a distributed file system (HDFS), and other types of file systems, and each type of file system may have multiple corresponding IO-Engines. Therefore, in specific embodiments, the current number of requests under the started remote file services (IO-Engines) may also be obtained separately for each type of file system (recorded as the third request quantity, the fourth request quantity, ... the Nth request quantity), and it is then detected separately whether every value in the third request quantity, the fourth request quantity, ... the Nth request quantity is greater than the first preset threshold. If every value in one of these request quantities is greater than the first preset threshold, a new IO-Engine can be started for the file system corresponding to that request quantity. For example, if the third request quantity corresponds to the local file system, then when every value in the third request quantity is detected to be greater than the first preset threshold, a new IO-Engine corresponding to the local file system is started.
Further, after step A, the file operation method may also include:
Step D: detect whether the second request quantity contains a value smaller than a second preset threshold;
If it does, execute step E: stop the remote file service corresponding to each value that is smaller than the second preset threshold.
In addition, after the second request quantity has been obtained, it can also be detected whether the second request quantity contains a value smaller than the second preset threshold. The second preset threshold may be set to 0; of course, it may also be set according to actual needs and is not specifically limited here. If the second request quantity is found to contain a value smaller than the second preset threshold, an idle remote file service exists; in that case, the remote file service corresponding to each value smaller than the second preset threshold is stopped, that is, the idle remote file services are stopped.
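Steps b1/b2 of the first embodiment and steps A to E above, evaluated per file system type, as an added Python example that is not code from the patent. The engine list is constructed, and the function names and the `(engine id, file system type, pending requests)` tuple layout are assumptions.

```python
from collections import defaultdict

FIRST_THRESHOLD = 10   # example value from the text: start when every count exceeds it
# The text's example value for the second threshold is 0. Request counts are
# never negative, so a strict "< 0" test matches nothing; this constructed
# sample uses 1 so that an engine with no pending requests counts as idle.
SECOND_THRESHOLD = 1

# Constructed sample: (engine id, file system type, pending file operation requests)
ENGINES = [
    ("hdfs-1", "hdfs", 14),
    ("hdfs-2", "hdfs", 11),
    ("hdfs-3", "hdfs", 12),
    ("local-1", "local", 3),
    ("local-2", "local", 0),
]


def pick_engine(engines, file_system):
    """Steps b1/b2: the started engine of this file system with the fewest requests."""
    candidates = [(count, eid) for eid, fs, count in engines if fs == file_system]
    if not candidates:
        raise LookupError("no started engine for file system %r" % file_system)
    # min() on (count, id) tuples: ties on count are broken by engine id,
    # which keeps the choice deterministic.
    return min(candidates)[1]


def plan_scaling(engines, first=FIRST_THRESHOLD, second=SECOND_THRESHOLD):
    """Steps A-E per file system type.

    Returns {"start": [file system types needing a new engine],
             "stop":  [ids of engines whose count is below the second threshold]}.
    """
    by_fs = defaultdict(list)
    for eid, fs, count in engines:
        by_fs[fs].append((eid, count))

    start, stop = [], []
    for fs, members in sorted(by_fs.items()):
        # Steps B/C: only when *every* engine of the type is above the threshold.
        if all(count > first for _, count in members):
            start.append(fs)
        # Steps D/E: each engine below the second threshold is stopped.
        stop.extend(eid for eid, count in members if count < second)
    return {"start": start, "stop": sorted(stop)}
```
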
Of course, it should be noted that, in specific embodiments, the load of each IO-Engine (that is, its current number of requests) may also be monitored by an external device such as an IR (Intelligent Routing). That is, the IR periodically obtains the current number of requests under each started remote file service, recorded as the second request quantity; the IR then checks how each value in the second request quantity compares with the first preset threshold, generates corresponding notification information according to the detection result, and sends it to the IO-EM, so that the IO-EM controls the starting and stopping of the corresponding IO-Engine according to the notification information. The specific detection method is the same as in the above embodiment: it is detected whether every value in the second request quantity is greater than the first preset threshold; if every value in the second request quantity is greater than the first preset threshold, notification information for starting a new remote file service is generated and sent to the IO-EM, so that the IO-EM starts the corresponding new IO-Engine according to the notification information. At the same time, it is detected whether the second request quantity contains a value smaller than the second preset threshold; if it does, notification information for stopping a remote file service is generated and sent to the IO-EM, so that the IO-EM stops the corresponding idle IO-Engine according to the notification information.
It will be understood that, in the first embodiment above, when the target remote file service is determined according to the target file storage path and the preset rule, the first request quantity may be obtained directly by the IO-EM or obtained through the IR.
Further, based on the first embodiment shown in FIG. 2, a third embodiment of the file operation method of the present invention is proposed.
In this embodiment, after step S40, the file operation method further includes:
After the operation has been executed, generating a corresponding operation execution result and returning it to the client corresponding to the file operation request.
In this embodiment, so that the user can learn the outcome of the operation, a corresponding operation execution result can be generated after the operation has been executed and returned to the client corresponding to the file operation request. The operation execution result includes operation success, operation failure, and so on; when the operation fails, the corresponding failure reason can also be returned so that the user can correct the problem.
The present invention also provides a file operation system, which includes a file operation device and a client. The file operation device is the file operation device shown in FIG. 1 and is used to execute the steps in the above embodiments of the file operation method; for its specific functions and implementation, refer to the above embodiments, which are not repeated here.
The client is configured to receive a file system object query request triggered by a user and obtain the file system type and proxy user information carried in the file system object query request; to obtain a proxied file system object according to the file system type and the proxy user information and display it; and to receive a file operation request triggered by the user based on the proxied file system object and send the file operation request to the file operation device.
In this embodiment, the client may be a terminal such as a smartphone or a PC, integrated with an SDK (Software Development Kit) packaged from multiple modules. Specifically, the SDK may include three modules: FsFactory (file system factory), ProxyFS (proxy file system), and IO-Client (input/output). FsFactory is used to obtain the file system type and proxy user information from the received file system object query request. ProxyFS is used to receive the file system type (such as local file system or HDFS file system) and proxy user information passed by FsFactory and to encapsulate them in a preset manner to obtain the corresponding proxied file system object, where the proxied file system object includes the operation methods for files (folders) in the file system corresponding to the proxy user, for example, the methods for getting the size of a file (folder), creating and deleting files (folders), and reading and writing files. IO-Client is used to receive the file operation request triggered by the user and send it to the file operation device through a compatible API; it can also be used to receive and display the operation execution result returned by the file operation device.
Specifically, when a user needs to perform a target operation on the file (folder) corresponding to a target file storage path, the user can first determine the type of the target file system and the target proxy user from the target file storage path, and then enter the file system type (that is, the type of the target file system) and the proxy user information (that is, information about the target proxy user, which may be the target proxy user's username) through the corresponding software or App (application) on the user terminal. Completing the input triggers the file system object query request. When the client receives the file system object query request triggered by the user, it obtains the file system type and proxy user information carried in the request, where the file system type may include local file system, HDFS file system, and so on, and the proxy user information may be the username of the other user (that is, the proxy user) whose files are to be accessed. The client then encapsulates the file system type and proxy user information to obtain the proxied file system object and displays it on the client's screen, where the proxied file system object includes the operation method corresponding to the target operation. Once the user has queried the proxied file system object, the user can operate on the proxy user's files. Specifically, the user can trigger a file operation request based on the operation method of the target operation in the proxied file system object and the target file storage path; when the client receives the file operation request, it sends the request to the file operation device, so that the file operation device processes it.
This embodiment provides a file operation system that includes a file operation device and a client. Building this file operation system makes it convenient for users to access and operate on remote file systems through the client; at the same time, the file operation device allows the file systems to be managed in a unified way, so that user permission management is fully controllable without enabling superuser privileges for each user, and the security of operations on and access to different file systems can be improved.
The present invention also provides a file operation apparatus.
Referring to FIG. 3, FIG. 3 is a schematic diagram of the functional modules of the first embodiment of the file operation apparatus of the present invention.
As shown in FIG. 3, the file operation apparatus includes:
A first obtaining module 10, configured to obtain, when a file operation request is received, user information, a target file storage path, and a target operation according to the file operation request;
A user verification module 20, configured to perform identity verification and operation permission verification on the user based on the user information, the target file storage path, and the target operation;
A service confirmation module 30, configured to determine the target remote file service according to the target file storage path and a preset rule when both identity verification and operation permission verification pass;
An operation execution module 40, configured to obtain superuser privileges through the target remote file service and, based on the superuser privileges, invoke the target operation method corresponding to the target operation to perform the target operation on the target file corresponding to the target file storage path.
Further, the user information includes user account information, Token information, and Internet Protocol (IP) information, and the user verification module 20 includes:
An identity verification unit, configured to obtain the verification Token corresponding to the user account information, compare the Token information with the verification Token, and detect whether the IP information is in the preset IP whitelist, so as to verify the user's identity;
A permission verification unit, configured to obtain the user's operation permission information according to the user account information, and verify the user's operation permission according to the target file storage path, the target operation, and the operation permission information.
Further, the service confirmation module 30 includes:
A first obtaining unit, configured to determine the target file system according to the target file storage path, and obtain the number of requests under each started remote file service corresponding to the target file system, recorded as the first request quantity;
A first determining unit, configured to determine the remote file service corresponding to the smallest value in the first request quantity as the target remote file service.
Further, the file operation apparatus also includes:
A second obtaining module, configured to periodically obtain the current number of requests under each started remote file service, recorded as the second request quantity;
A first detection module, configured to detect whether every value in the second request quantity is greater than a first preset threshold;
A service starting module, configured to start a new remote file service if every value in the second request quantity is greater than the first preset threshold.
Further, the file operation apparatus also includes:
A second detection module, configured to detect whether the second request quantity contains a value smaller than a second preset threshold;
A service stopping module, configured to stop, if such a value exists, the remote file service corresponding to each value smaller than the second preset threshold.
Further, the file operation apparatus also includes:
A result returning module, configured to generate a corresponding operation execution result after the operation has been executed and return it to the client corresponding to the file operation request.
The functions of the modules in the above file operation apparatus correspond to the steps in the above embodiments of the file operation method; their functions and implementation are not repeated here.
本发明还提供一种计算机可读存储介质,该计算机可读存储介质上存储有文件操作程序,所述文件操作程序被处理器执行时实现如以上任一项实施例所述的文件操作方法的步骤。The present invention also provides a computer-readable storage medium, where a file operation program is stored on the computer-readable storage medium, and when the file operation program is executed by a processor, the file operation method described in any one of the above embodiments is implemented. step.
本发明计算机可读存储介质的具体实施例与上述文件操作方法各实施例基本相同,在此不作赘述。The specific embodiments of the computer-readable storage medium of the present invention are basically the same as the embodiments of the above-mentioned file operation method, and will not be repeated here.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者系统不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者系统所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者系统中还存在另外的相同要素。It should be noted that, as used herein, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or system comprising a set of elements includes not only those elements, It also includes other elements not expressly listed, or elements inherent in the process, method, article, or system. Without further limitations, an element defined by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article or system comprising that element.
上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the above embodiments of the present invention are for description only, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本发明各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is better implementation. Based on such an understanding, the technical solution of the present invention can be embodied in the form of a software product in essence or in other words, the part that contributes to the prior art, and the computer software product is stored in a storage medium (such as ROM/RAM) as described above. , magnetic disk, optical disk), including several instructions to make a terminal device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) execute the method described in each embodiment of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910658649.5A CN110363026B (en) | 2019-07-19 | 2019-07-19 | File manipulation method, apparatus, device, system, and computer-readable storage medium |
PCT/CN2020/102319 WO2021013033A1 (en) | 2019-07-19 | 2020-07-16 | File operation method, apparatus, device, and system, and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910658649.5A CN110363026B (en) | 2019-07-19 | 2019-07-19 | File manipulation method, apparatus, device, system, and computer-readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110363026A (en) | 2019-10-22 |
CN110363026B (en) | 2021-06-25 |
Family
ID=68221369
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910658649.5A Active CN110363026B (en) | 2019-07-19 | 2019-07-19 | File manipulation method, apparatus, device, system, and computer-readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110363026B (en) |
WO (1) | WO2021013033A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111222146A (en) * | 2019-11-14 | 2020-06-02 | 京东数字科技控股有限公司 | Authority verification method, authority verification device, storage medium and electronic equipment |
WO2021013033A1 (en) * | 2019-07-19 | 2021-01-28 | 深圳前海微众银行股份有限公司 | File operation method, apparatus, device, and system, and computer readable storage medium |
CN113051611A (en) * | 2021-03-15 | 2021-06-29 | 上海商汤智能科技有限公司 | Authority control method of online file and related product |
CN113382017A (en) * | 2021-06-29 | 2021-09-10 | 深圳壹账通智能科技有限公司 | Permission control method and device based on white list, electronic equipment and storage medium |
CN113496013A (en) * | 2020-03-19 | 2021-10-12 | 顺丰科技有限公司 | File management method, file management device, server and storage medium |
CN113839942A (en) * | 2021-09-22 | 2021-12-24 | 上海妙一生物科技有限公司 | User authority management method, device, equipment and storage medium |
CN114785607A (en) * | 2022-05-06 | 2022-07-22 | 深圳创维-Rgb电子有限公司 | Advertisement blocking method, device, equipment and computer readable storage medium |
CN115114646A (en) * | 2022-08-25 | 2022-09-27 | 北京前沿信安科技股份有限公司 | File authority processing method and device and storage medium |
CN115277680A (en) * | 2022-07-29 | 2022-11-01 | 山石网科通信技术股份有限公司 | File synchronization method for improving synchronization security |
CN116582533A (en) * | 2023-05-30 | 2023-08-11 | 招商银行股份有限公司 | File management method, device and storage medium based on SFTP |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113312133B (en) * | 2021-06-17 | 2022-06-24 | 浙江齐安信息科技有限公司 | Operation method, system and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7260555B2 (en) * | 2001-12-12 | 2007-08-21 | Guardian Data Storage, Llc | Method and architecture for providing pervasive security to digital assets |
CN101841537A (en) * | 2010-04-13 | 2010-09-22 | 北京时代亿信科技有限公司 | Method and system for realizing file sharing access control based on protocol proxy |
CN103209189A (en) * | 2013-04-22 | 2013-07-17 | 哈尔滨工业大学深圳研究生院 | Distributed file system-based mobile cloud storage safety access control method |
CN103501325A (en) * | 2013-09-25 | 2014-01-08 | 北京神州泰岳软件股份有限公司 | Method and system for controlling remote device file, as well as network file folder |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109543448B (en) * | 2018-11-16 | 2022-07-15 | 深圳前海微众银行股份有限公司 | HDFS file access permission control method, device and storage medium |
CN110363026B (en) * | 2019-07-19 | 2021-06-25 | 深圳前海微众银行股份有限公司 | File manipulation method, apparatus, device, system, and computer-readable storage medium |
- 2019-07-19: CN application CN201910658649.5A, patent CN110363026B (en), status: Active
- 2020-07-16: WO application PCT/CN2020/102319, patent WO2021013033A1 (en), status: Application Filing
Non-Patent Citations (1)
Title |
---|
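范学辉: "Research and Design of a Cloud Storage Access Control Mechanism Based on the HDFS Architecture", China Master's Theses Full-text Database, Information Science and Technology * |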
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021013033A1 (en) * | 2019-07-19 | 2021-01-28 | 深圳前海微众银行股份有限公司 | File operation method, apparatus, device, and system, and computer readable storage medium |
CN111222146A (en) * | 2019-11-14 | 2020-06-02 | 京东数字科技控股有限公司 | Authority verification method, authority verification device, storage medium and electronic equipment |
CN111222146B (en) * | 2019-11-14 | 2022-08-12 | 京东科技控股股份有限公司 | Authority checking method, authority checking device, storage medium and electronic equipment |
CN113496013A (en) * | 2020-03-19 | 2021-10-12 | 顺丰科技有限公司 | File management method, file management device, server and storage medium |
CN113051611B (en) * | 2021-03-15 | 2022-04-29 | 上海商汤智能科技有限公司 | Authority control method of online file and related product |
CN113051611A (en) * | 2021-03-15 | 2021-06-29 | 上海商汤智能科技有限公司 | Authority control method of online file and related product |
CN113382017A (en) * | 2021-06-29 | 2021-09-10 | 深圳壹账通智能科技有限公司 | Permission control method and device based on white list, electronic equipment and storage medium |
CN113839942A (en) * | 2021-09-22 | 2021-12-24 | 上海妙一生物科技有限公司 | User authority management method, device, equipment and storage medium |
CN114785607A (en) * | 2022-05-06 | 2022-07-22 | 深圳创维-Rgb电子有限公司 | Advertisement blocking method, device, equipment and computer readable storage medium |
CN115277680A (en) * | 2022-07-29 | 2022-11-01 | 山石网科通信技术股份有限公司 | File synchronization method for improving synchronization security |
CN115277680B (en) * | 2022-07-29 | 2024-04-19 | 山石网科通信技术股份有限公司 | File synchronization method for improving synchronization security |
CN115114646A (en) * | 2022-08-25 | 2022-09-27 | 北京前沿信安科技股份有限公司 | File authority processing method and device and storage medium |
CN115114646B (en) * | 2022-08-25 | 2023-01-03 | 北京前沿信安科技股份有限公司 | File authority processing method and device and storage medium |
CN116582533A (en) * | 2023-05-30 | 2023-08-11 | 招商银行股份有限公司 | File management method, device and storage medium based on SFTP |
Also Published As
Publication number | Publication date |
---|---|
CN110363026B (en) | 2021-06-25 |
WO2021013033A1 (en) | 2021-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110363026B (en) | File manipulation method, apparatus, device, system, and computer-readable storage medium | |
WO2021218328A1 (en) | Multi-tenant access service implementation method, apparatus and device, and storage medium | |
US11790077B2 (en) | Methods, mediums, and systems for establishing and using security questions | |
US11411881B2 (en) | Organization level identity management | |
US9600652B2 (en) | Mobile application, identity interface | |
US8590003B2 (en) | Controlling access to resources by hosted entities | |
US11539707B2 (en) | Dynamic security policy consolidation | |
CN112492028A (en) | Cloud desktop login method and device, electronic equipment and storage medium | |
US10972444B1 (en) | Mapping account information | |
CN109246089A (en) | A kind of the front and back end separation architecture access control system and method for based role | |
CN110138798B (en) | Cloud desktop management method, device and equipment and readable storage medium | |
US10650153B2 (en) | Electronic document access validation | |
US20150341362A1 (en) | Method and system for selectively permitting non-secure application to communicate with secure application | |
US20150373011A1 (en) | Credential collection in an authentication server employing diverse authentication schemes | |
US20210352069A1 (en) | Local authentication virtual authorization | |
WO2022147331A1 (en) | Method and system for initial secret delivery for scalable and restart-able collocated containers with shared resources | |
CN108289080B (en) | Method, device and system for accessing file system | |
US20140380417A1 (en) | Methods And Devices For Controlling Access To Distributed Resources | |
CN118869289A (en) | Method and device for managing access to Windows assets based on bastion host | |
US8806589B2 (en) | Credential collection in an authentication server employing diverse authentication schemes | |
US20140317238A1 (en) | Website server request rerouting | |
US20240104223A1 (en) | Portable verification context | |
CN118449783B (en) | Account operation control method, device, medium and equipment | |
US12367483B1 (en) | Decentralized authorization | |
US12204625B2 (en) | System and method for implementing a one authorization application module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||