93 lines
2.0 KiB
Go
93 lines
2.0 KiB
Go
package middleware
|
|
|
|
import (
|
|
"log/slog"
|
|
"net/http"
|
|
"regexp"
|
|
"strings"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"joylink.club/bj-rtsts-server/db/model"
|
|
"joylink.club/bj-rtsts-server/dto"
|
|
"joylink.club/bj-rtsts-server/service"
|
|
"joylink.club/bj-rtsts-server/sys_error"
|
|
)
|
|
|
|
// 用户权限缓存
|
|
var userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto)
|
|
|
|
var PermissMiddleware = permissionMiddleware()
|
|
|
|
// 权限验证信息0
|
|
func permissionMiddleware() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
user, _ := c.Get(IdentityKey)
|
|
if user == nil { // 用户未登录
|
|
c.Next()
|
|
return
|
|
}
|
|
uid := user.(*model.User).ID
|
|
userAuth := userAuthPathMap[uid]
|
|
if userAuth == nil {
|
|
userAuthPathMap[uid] = service.QueryUserAuthApiPath(uid)
|
|
userAuth = userAuthPathMap[uid]
|
|
}
|
|
if userAuth.IsAdmin { // 用户是超级管理员
|
|
c.Next()
|
|
return
|
|
}
|
|
path, method := c.Request.URL.Path, c.Request.Method
|
|
if method == http.MethodGet {
|
|
c.Next()
|
|
return
|
|
}
|
|
if validateUserPath(path, method, userAuth.AuthPaths) { // 用户有权限
|
|
c.Next()
|
|
return
|
|
}
|
|
slog.Error("无权限操作请求路径", "path", path, "method", method)
|
|
panic(sys_error.NewCode("权限不足", 403))
|
|
}
|
|
}
|
|
|
|
// 验证路径
|
|
func validateUserPath(path, method string, paths []*dto.AuthPath) bool {
|
|
for _, p := range paths {
|
|
if p.Method != "*" && !strings.Contains(p.Method, method) { // 判断方法是否匹配
|
|
continue
|
|
}
|
|
if p.Path == path {
|
|
return true
|
|
}
|
|
authReg, _ := regexp.Compile(p.Path)
|
|
if authReg.MatchString(path) { // 匹配路径
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// 重新登录时移除权限
|
|
func ClearUserPermission(userId int32) {
|
|
delete(userAuthPathMap, userId)
|
|
}
|
|
|
|
// 修改角色后清理用户权限
|
|
func ClearUserPermissionByRid(roleId int32) {
|
|
var uids []int32
|
|
for uid, u := range userAuthPathMap {
|
|
for _, r := range u.RoleIds {
|
|
if r == roleId {
|
|
uids = append(uids, uid)
|
|
break
|
|
}
|
|
}
|
|
}
|
|
if len(uids) == 0 {
|
|
return
|
|
}
|
|
for _, uid := range uids {
|
|
ClearUserPermission(uid)
|
|
}
|
|
}
|