|
|
@@ -0,0 +1,134 @@
|
|
|
+/*
|
|
|
+* @desc:中间件
|
|
|
+* @company:云南奇讯科技有限公司
|
|
|
+* @Author: yixiaohu<yxh669@qq.com>
|
|
|
+* @Date: 2022/3/17 9:17
|
|
|
+ */
|
|
|
+
|
|
|
+package service
|
|
|
+
|
|
|
+import (
|
|
|
+ "github.com/gogf/gf/v2/frame/g"
|
|
|
+ "github.com/gogf/gf/v2/net/ghttp"
|
|
|
+ "github.com/gogf/gf/v2/text/gstr"
|
|
|
+ "github.com/gogf/gf/v2/util/gconv"
|
|
|
+ commonService "github.com/tiger1103/gfast/v3/internal/app/common/service"
|
|
|
+ "github.com/tiger1103/gfast/v3/internal/app/system/model"
|
|
|
+ "github.com/tiger1103/gfast/v3/library/libResponse"
|
|
|
+)
|
|
|
+
|
|
|
+type IMiddleware interface {
|
|
|
+ Ctx(r *ghttp.Request)
|
|
|
+ Auth(r *ghttp.Request)
|
|
|
+}
|
|
|
+
|
|
|
+type middlewareImpl struct{}
|
|
|
+
|
|
|
+var middleService = middlewareImpl{}
|
|
|
+
|
|
|
+func Middleware() IMiddleware {
|
|
|
+ return IMiddleware(&middleService)
|
|
|
+}
|
|
|
+
|
|
|
+// Ctx 自定义上下文对象
|
|
|
+func (s *middlewareImpl) Ctx(r *ghttp.Request) {
|
|
|
+ ctx := r.GetCtx()
|
|
|
+ // 初始化登录用户信息
|
|
|
+ data, err := GfToken(ctx).ParseToken(r)
|
|
|
+ if err != nil {
|
|
|
+ // 执行下一步请求逻辑
|
|
|
+ r.Middleware.Next()
|
|
|
+ }
|
|
|
+ if data != nil {
|
|
|
+ context := new(model.Context)
|
|
|
+ err = gconv.Struct(data.Data, &context.User)
|
|
|
+ if err != nil {
|
|
|
+ g.Log().Error(ctx, err)
|
|
|
+ // 执行下一步请求逻辑
|
|
|
+ r.Middleware.Next()
|
|
|
+ }
|
|
|
+ Context().Init(r, context)
|
|
|
+ }
|
|
|
+ // 执行下一步请求逻辑
|
|
|
+ r.Middleware.Next()
|
|
|
+}
|
|
|
+
|
|
|
+// Auth 权限判断处理中间件
|
|
|
+func (s *middlewareImpl) Auth(r *ghttp.Request) {
|
|
|
+ ctx := r.GetCtx()
|
|
|
+ //获取登陆用户id
|
|
|
+ adminId := Context().GetUserId(ctx)
|
|
|
+ /*if r.Method != "GET" && adminId!=1{
|
|
|
+ library.FailJson(true, r, "演示系统,您没有操作权限!")
|
|
|
+ }*/
|
|
|
+ accessParams := r.Get("accessParams").Strings()
|
|
|
+ accessParamsStr := ""
|
|
|
+ if len(accessParams) > 0 && accessParams[0] != "undefined" {
|
|
|
+ accessParamsStr = "?" + gstr.Join(accessParams, "&")
|
|
|
+ }
|
|
|
+ //获取无需验证权限的用户id
|
|
|
+ tagSuperAdmin := false
|
|
|
+ User().NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
|
|
|
+ if gconv.Uint64(v) == adminId {
|
|
|
+ tagSuperAdmin = true
|
|
|
+ return false
|
|
|
+ }
|
|
|
+ return true
|
|
|
+ })
|
|
|
+ if tagSuperAdmin {
|
|
|
+ r.Middleware.Next()
|
|
|
+ //不要再往后面执行
|
|
|
+ return
|
|
|
+ }
|
|
|
+ url := gstr.TrimLeft(r.Request.URL.Path, "/") + accessParamsStr
|
|
|
+ //获取地址对应的菜单id
|
|
|
+ menuList, err := Rule().GetIsMenuStatusList(ctx)
|
|
|
+ if err != nil {
|
|
|
+ g.Log().Error(ctx, err)
|
|
|
+ libResponse.FailJson(true, r, "请求数据失败")
|
|
|
+ }
|
|
|
+ var menu *model.SysAuthRuleInfoRes
|
|
|
+ for _, m := range menuList {
|
|
|
+ ms := gstr.SubStr(m.Name, 0, gstr.Pos(m.Name, "?"))
|
|
|
+ if m.Name == url || ms == url {
|
|
|
+ menu = m
|
|
|
+ break
|
|
|
+ }
|
|
|
+ }
|
|
|
+ //只验证存在数据库中的规则
|
|
|
+ if menu != nil {
|
|
|
+ //若存在不需要验证的条件则跳过
|
|
|
+ if gstr.Equal(menu.Condition, "nocheck") {
|
|
|
+ r.Middleware.Next()
|
|
|
+ return
|
|
|
+ }
|
|
|
+ menuId := menu.Id
|
|
|
+ //菜单没存数据库不验证权限
|
|
|
+ if menuId != 0 {
|
|
|
+ //判断权限操作
|
|
|
+ enforcer, err := commonService.CasbinEnforcer(ctx)
|
|
|
+ if err != nil {
|
|
|
+ g.Log().Error(ctx, err)
|
|
|
+ libResponse.FailJson(true, r, "获取权限失败")
|
|
|
+ }
|
|
|
+ groupPolicy := enforcer.GetFilteredGroupingPolicy(0,
|
|
|
+ gconv.String(adminId))
|
|
|
+ if len(groupPolicy) == 0 {
|
|
|
+ libResponse.FailJson(true, r, "没有访问权限")
|
|
|
+ }
|
|
|
+ hasAccess := false
|
|
|
+ for _, v := range groupPolicy {
|
|
|
+ if enforcer.HasPolicy(v[1], gconv.String(menuId), "All") {
|
|
|
+ hasAccess = true
|
|
|
+ break
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if !hasAccess {
|
|
|
+ libResponse.FailJson(true, r, "没有访问权限")
|
|
|
+ }
|
|
|
+ }
|
|
|
+ } else if menu == nil && accessParamsStr != "" {
|
|
|
+ libResponse.FailJson(true, r, "没有访问权限")
|
|
|
+ }
|
|
|
+ r.Middleware.Next()
|
|
|
+}
|
yxh