79 lines
1.8 KiB
Go
79 lines
1.8 KiB
Go
|
package middleware
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
"strings"
|
||
|
|
||
|
"github.com/gin-gonic/gin"
|
||
|
"go.uber.org/zap"
|
||
|
"joylink.club/bj-rtsts-server/db/model"
|
||
|
"joylink.club/bj-rtsts-server/dto"
|
||
|
"joylink.club/bj-rtsts-server/service"
|
||
|
)
|
||
|
|
||
|
// 用户权限缓存
|
||
|
var userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto)
|
||
|
|
||
|
var PermissMiddleware = permissionMiddleware()
|
||
|
|
||
|
// 权限验证信息0
|
||
|
func permissionMiddleware() gin.HandlerFunc {
|
||
|
return func(c *gin.Context) {
|
||
|
user, _ := c.Get(IdentityKey)
|
||
|
if user == nil { // 用户未登录
|
||
|
c.Next()
|
||
|
} else {
|
||
|
uid := user.(*model.User).ID
|
||
|
zap.S().Debugf("获取用户ID:%d", uid)
|
||
|
userAuth := userAuthPathMap[uid]
|
||
|
if userAuth == nil {
|
||
|
userAuthPathMap[uid] = service.QueryUserAuthApiPath(uid)
|
||
|
userAuth = userAuthPathMap[uid]
|
||
|
}
|
||
|
if userAuth.IsAdmin { // 用户是超级管理员
|
||
|
c.Next()
|
||
|
} else {
|
||
|
path, method := c.Request.URL.Path, c.Request.Method
|
||
|
zap.S().Debugf("获取请求路径:%s, 方法:%s", path, method)
|
||
|
isVaild := validateUserPath(path, method, userAuth.AuthPaths)
|
||
|
if isVaild { // 用户有权限
|
||
|
c.Next()
|
||
|
} else {
|
||
|
c.JSON(http.StatusUnauthorized, "无权限访问")
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// 验证路径
|
||
|
func validateUserPath(path, method string, paths []*dto.AuthPath) bool {
|
||
|
reqPathArr := strings.Split(path, "/")
|
||
|
for _, p := range paths {
|
||
|
if p.Method == "*" || p.Method == method {
|
||
|
authPathArr := strings.Split(p.Path, "/")
|
||
|
isValid := true
|
||
|
for i, p := range reqPathArr {
|
||
|
if p == "{id}" || p == ":id" || p == authPathArr[i] {
|
||
|
continue
|
||
|
} else if authPathArr[i] == "*" {
|
||
|
isValid = true
|
||
|
break
|
||
|
} else {
|
||
|
isValid = false
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
if isValid {
|
||
|
return true
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
// 重新登录时移除权限
|
||
|
func clearUserPermission(userId int32) {
|
||
|
delete(userAuthPathMap, userId)
|
||
|
}
|