rts-sim-testing-service/middleware/auth.go

package middleware

import (
	"regexp"
	"strings"

	"github.com/gin-gonic/gin"
	"go.uber.org/zap"
	"joylink.club/bj-rtsts-server/db/model"
	"joylink.club/bj-rtsts-server/dto"
	"joylink.club/bj-rtsts-server/service"
)

// 用户权限缓存
var userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto)

var PermissMiddleware = permissionMiddleware()

// 权限验证信息0
func permissionMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		user, _ := c.Get(IdentityKey)
		if user == nil { // 用户未登录
			c.Next()
		} else {
			uid := user.(*model.User).ID
			userAuth := userAuthPathMap[uid]
			if userAuth == nil {
				userAuthPathMap[uid] = service.QueryUserAuthApiPath(uid)
				userAuth = userAuthPathMap[uid]
			}
			if userAuth.IsAdmin { // 用户是超级管理员
				c.Next()
			} else {
				path, method := c.Request.URL.Path, c.Request.Method
				if validateUserPath(path, method, userAuth.AuthPaths) { // 用户有权限
					c.Next()
				} else {
					zap.S().Errorf("无权限操作请求路径：%s, 方法：%s", path, method)
					panic(dto.ErrorDto{Code: dto.NoAuthOperationError, Message: "无权限操作"})
				}
			}
		}
	}
}

// 验证路径
func validateUserPath(path, method string, paths []*dto.AuthPath) bool {
	for _, p := range paths {
		if p.Method == "*" || strings.Contains(p.Method, method) { // 判断方法是否匹配
			if p.Path == path {
				return true
			} else {
				authReg, _ := regexp.Compile(p.Path)
				if authReg.MatchString(path) { // 匹配路径
					return true
				}
			}
		}
	}
	return false
}

// 重新登录时移除权限
func ClearUserPermission(userId int32) {
	delete(userAuthPathMap, userId)
}

// 修改角色后清理用户权限
func ClearUserPermissionByRid(roleId int32) {
	uids := []int32{}
	for uid, u := range userAuthPathMap {
		for _, r := range u.RoleIds {
			if r == roleId {
				uids = append(uids, uid)
				break
			}
		}
	}
	if len(uids) > 0 {
		for _, uid := range uids {
			ClearUserPermission(uid)
		}
	}
}
【权限模块】 2023-08-30 09:28:21 +08:00			`package middleware`

			`import (`
【权限匹配修改为正则匹配】 2023-08-30 15:37:44 +08:00			`"regexp"`
【权限判断】 2023-08-31 11:07:22 +08:00			`"strings"`
【权限模块】 2023-08-30 09:28:21 +08:00
			`"github.com/gin-gonic/gin"`
			`"go.uber.org/zap"`
			`"joylink.club/bj-rtsts-server/db/model"`
			`"joylink.club/bj-rtsts-server/dto"`
			`"joylink.club/bj-rtsts-server/service"`
			`)`

			`// 用户权限缓存`
			`var userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto)`

			`var PermissMiddleware = permissionMiddleware()`

			`// 权限验证信息0`
			`func permissionMiddleware() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`user, _ := c.Get(IdentityKey)`
			`if user == nil { // 用户未登录`
			`c.Next()`
			`} else {`
			`uid := user.(*model.User).ID`
			`userAuth := userAuthPathMap[uid]`
			`if userAuth == nil {`
			`userAuthPathMap[uid] = service.QueryUserAuthApiPath(uid)`
			`userAuth = userAuthPathMap[uid]`
			`}`
			`if userAuth.IsAdmin { // 用户是超级管理员`
			`c.Next()`
			`} else {`
			`path, method := c.Request.URL.Path, c.Request.Method`
【删除多余代码】 2023-08-30 15:39:26 +08:00			`if validateUserPath(path, method, userAuth.AuthPaths) { // 用户有权限`
【权限模块】 2023-08-30 09:28:21 +08:00			`c.Next()`
			`} else {`
【权限路径对比逻辑】 2023-08-30 15:22:48 +08:00			`zap.S().Errorf("无权限操作请求路径：%s, 方法：%s", path, method)`
【无权限拦截】 2023-08-30 14:26:48 +08:00			`panic(dto.ErrorDto{Code: dto.NoAuthOperationError, Message: "无权限操作"})`
【权限模块】 2023-08-30 09:28:21 +08:00			`}`
			`}`
			`}`
			`}`
			`}`

			`// 验证路径`
			`func validateUserPath(path, method string, paths []*dto.AuthPath) bool {`
			`for _, p := range paths {`
【权限判断】 2023-08-31 11:07:22 +08:00			`if p.Method == "*" \|\| strings.Contains(p.Method, method) { // 判断方法是否匹配`
【权限匹配修改为正则匹配】 2023-08-30 15:37:44 +08:00			`if p.Path == path {`
【权限模块】 2023-08-30 09:28:21 +08:00			`return true`
【权限匹配修改为正则匹配】 2023-08-30 15:37:44 +08:00			`} else {`
			`authReg, _ := regexp.Compile(p.Path)`
			`if authReg.MatchString(path) { // 匹配路径`
			`return true`
			`}`
【权限模块】 2023-08-30 09:28:21 +08:00			`}`
			`}`
			`}`
			`return false`
			`}`

			`// 重新登录时移除权限`
【权限操作、仿真管理socket】 2023-08-30 13:25:57 +08:00			`func ClearUserPermission(userId int32) {`
【权限模块】 2023-08-30 09:28:21 +08:00			`delete(userAuthPathMap, userId)`
			`}`
【权限操作、仿真管理socket】 2023-08-30 13:25:57 +08:00
			`// 修改角色后清理用户权限`
			`func ClearUserPermissionByRid(roleId int32) {`
			`uids := []int32{}`
			`for uid, u := range userAuthPathMap {`
			`for _, r := range u.RoleIds {`
			`if r == roleId {`
			`uids = append(uids, uid)`
			`break`
			`}`
			`}`
			`}`
			`if len(uids) > 0 {`
			`for _, uid := range uids {`
			`ClearUserPermission(uid)`
			`}`
			`}`
			`}`