wangdisen
/
tyj_admin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.2 MiB
Tree: c10d6b45d9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c10d6b45d9'
${ noResults }
tyj_admin/internal/service/middleware.go

138 lines
3.4 KiB
Raw Normal View History Unescape

第一次提交
3 years ago
/*
* @desc:中间件处理
*
* <yxh669@qq.com>
* @Date: 2022/3/17 9:11
*/
package service
import (
"fmt"
"github.com/gogf/gf/v2/frame/g"
"github.com/gogf/gf/v2/net/ghttp"
"github.com/gogf/gf/v2/text/gstr"
"github.com/gogf/gf/v2/util/gconv"
"tyj_admin/internal/model"
"tyj_admin/library/libResponse"
)
type IMiddleware interface {
MiddlewareCORS(r *ghttp.Request)
Ctx(r *ghttp.Request)
Auth(r *ghttp.Request)
}
type middlewareImpl struct{}
var middleService = middlewareImpl{}
func Middleware() IMiddleware {
return &middleService
}
func (s *middlewareImpl) MiddlewareCORS(r *ghttp.Request) {
corsOptions := r.Response.DefaultCORSOptions()
// you can set options
//corsOptions.AllowDomain = []string{"goframe.org", "baidu.com"}
r.Response.CORS(corsOptions)
r.Middleware.Next()
}
// Ctx 自定义上下文对象
func (s *middlewareImpl) Ctx(r *ghttp.Request) {
ctx := r.GetCtx()
// 初始化登录用户信息
data, err := SysGfToken().ParseToken(r)
if err != nil {
// 执行下一步请求逻辑
r.Middleware.Next()
}
if data != nil {
context := new(model.Context)
err = gconv.Struct(data.Data, &context.User)
if err != nil {
g.Log().Error(ctx, err)
// 执行下一步请求逻辑
r.Middleware.Next()
}
Context().Init(r, context)
}
// 执行下一步请求逻辑
r.Middleware.Next()
}
// Auth 权限判断处理中间件
func (s *middlewareImpl) Auth(r *ghttp.Request) {
ctx := r.GetCtx()
//获取登陆用户id
adminId := Context().GetUserId(ctx)
accessParams := r.Get("accessParams").Strings()
accessParamsStr := ""
if len(accessParams) > 0 && accessParams[0] != "undefined" {
accessParamsStr = "?" + gstr.Join(accessParams, "&")
}
url := gstr.TrimLeft(r.Request.URL.Path, "/") + accessParamsStr
/*if r.Method != "GET" && adminId != 1 && url!="api/v1/system/login" {
libResponse.FailJson(true, r, "对不起!演示系统,不能删改数据!")
}*/
//获取无需验证权限的用户id
tagSuperAdmin := false
User().NotCheckAuthAdminIds(ctx).Iterator(func(v interface{}) bool {
if gconv.Uint64(v) == adminId {
tagSuperAdmin = true
return false
}
return true
})
if tagSuperAdmin {
r.Middleware.Next()
//不要再往后面执行
return
}
//获取地址对应的菜单id
menuList, err := Rule().GetMenuList(ctx)
if err != nil {
g.Log().Error(ctx, err)
libResponse.FailJson(true, r, "请求数据失败")
}
var menu *model.SysAuthRuleInfoRes
for _, m := range menuList {
ms := gstr.SubStr(m.Name, 0, gstr.Pos(m.Name, "?"))
if m.Name == url || ms == url {
menu = m
break
}
}
//只验证存在数据库中的规则
if menu != nil {
//若存在不需要验证的条件则跳过
if gstr.Equal(menu.Condition, "nocheck") {
r.Middleware.Next()
return
}
menuId := menu.Id
//菜单没存数据库不验证权限
if menuId != 0 {
//判断权限操作
enforcer, err := CasbinEnforcer(ctx)
if err != nil {
g.Log().Error(ctx, err)
libResponse.FailJson(true, r, "获取权限失败")
}
hasAccess := false
hasAccess, err = enforcer.Enforce(fmt.Sprintf("%s%d", userService.CasBinUserPrefix, adminId), gconv.String(menuId), "All")
if err != nil {
g.Log().Error(ctx, err)
libResponse.FailJson(true, r, "判断权限失败")
}
if !hasAccess {
libResponse.FailJson(true, r, "没有访问权限")
}
}
} else if menu == nil && accessParamsStr != "" {
libResponse.FailJson(true, r, "没有访问权限")
}
r.Middleware.Next()
}