rts-sim-testing-service/middleware/auth.go

package middleware

import (
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	"go.uber.org/zap"
	"joylink.club/bj-rtsts-server/db/model"
	"joylink.club/bj-rtsts-server/dto"
	"joylink.club/bj-rtsts-server/service"
)

// 用户权限缓存
var userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto)

var PermissMiddleware = permissionMiddleware()

// 权限验证信息0
func permissionMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		user, _ := c.Get(IdentityKey)
		if user == nil { // 用户未登录
			c.Next()
		} else {
			uid := user.(*model.User).ID
			zap.S().Debugf("获取用户ID:%d", uid)
			userAuth := userAuthPathMap[uid]
			if userAuth == nil {
				userAuthPathMap[uid] = service.QueryUserAuthApiPath(uid)
				userAuth = userAuthPathMap[uid]
			}
			if userAuth.IsAdmin { // 用户是超级管理员
				c.Next()
			} else {
				path, method := c.Request.URL.Path, c.Request.Method
				zap.S().Debugf("获取请求路径：%s, 方法：%s", path, method)
				isVaild := validateUserPath(path, method, userAuth.AuthPaths)
				if isVaild { // 用户有权限
					c.Next()
				} else {
					c.JSON(http.StatusUnauthorized, "无权限访问")
				}
			}
		}
	}
}

// 验证路径
func validateUserPath(path, method string, paths []*dto.AuthPath) bool {
	reqPathArr := strings.Split(path, "/")
	for _, p := range paths {
		if p.Method == "*" || p.Method == method {
			authPathArr := strings.Split(p.Path, "/")
			isValid := true
			for i, p := range reqPathArr {
				if p == "{id}" || p == ":id" || p == authPathArr[i] {
					continue
				} else if authPathArr[i] == "*" {
					isValid = true
					break
				} else {
					isValid = false
					break
				}
			}
			if isValid {
				return true
			}
		}
	}
	return false
}

// 重新登录时移除权限
func clearUserPermission(userId int32) {
	delete(userAuthPathMap, userId)
}