fusen/fusenapi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

权限检验中间件

Browse Source
This commit is contained in:
momo 2023-11-27 14:46:50 +08:00
parent 205767efd5
commit 4889590b35
9 changed files with 107 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
model/gmodel/fs_product_template_v2_gen.go
View File

@ -11,9 +11,9 @@ type FsProductTemplateV2 struct {
ModelId *int64 `gorm:"default:0;" json:"model_id"` // 模型ID
Title *string `gorm:"default:'';" json:"title"` // 模板sku,预留字段
Name *string `gorm:"default:'';" json:"name"` // 名称
CoverImg *string `gorm:"default:'';" json:"cover_img"` // 模板背景图
CoverImg *string `gorm:"default:'';" json:"cover_img"` //
TemplateInfo *string `gorm:"default:'';" json:"template_info"` // 模板详情
MaterialImg *string `gorm:"default:'';" json:"material_img"` // 合成好的贴图
MaterialImg *string `gorm:"default:'';" json:"material_img"` //
Sort *int64 `gorm:"default:0;" json:"sort"` // 排序
LogoWidth *int64 `gorm:"default:0;" json:"logo_width"` // logo图最大宽度
LogoHeight *int64 `gorm:"default:0;" json:"logo_height"` // logo图最大高度

1
model/gmodel/ldap_apis_gen.go
View File

@ -8,6 +8,7 @@ import (
// ldap_apis api表
type LdapApis struct {
Id int64 `gorm:"primary_key;default:0;auto_increment;" json:"id"` //
Name *string `gorm:"default:'';" json:"name"` //
Method *string `gorm:"default:'';" json:"method"` //
Path *string `gorm:"default:'';" json:"path"` //
Category *string `gorm:"default:'';" json:"category"` //

4
server/ldap-admin/internal/handler/saveapihandler.go
View File

@ -15,7 +15,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var req types.SaveApiReq
userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
_, err := basic.RequestParse(w, r, svcCtx, &req)
if err != nil {
return
}
@ -26,7 +26,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
rl := reflect.ValueOf(l)
basic.BeforeLogic(w, r, rl)
resp := l.SaveApi(&req, userinfo)
resp := l.SaveApi(&req, r)
if !basic.AfterLogic(w, r, rl, resp) {
basic.NormalAfterLogic(w, r, resp)

13
server/ldap-admin/internal/logic/saveapilogic.go
View File

@ -3,8 +3,8 @@ package logic
import (
"errors"
"fusenapi/model/gmodel"
"fusenapi/utils/auth"
"fusenapi/utils/basic"
"net/http"
"context"
@ -33,9 +33,14 @@ func NewSaveApiLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SaveApiLo
// func (l *SaveApiLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
// }
func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (resp *basic.Response) {
func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, r *http.Request) (resp *basic.Response) {
// 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
// userinfo 传入值时, 一定不为null
if !l.svcCtx.Ldap.VerifyAuthorityGroup(r) {
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
}
var err1 error
if req.Id > 0 {
resOne, err := l.svcCtx.AllModels.LdapApis.FindOneById(l.ctx, req.Id)
@ -48,6 +53,9 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
return resp.SetStatus(basic.CodeServiceErr)
}
var updateMap = make(map[string]interface{})
if req.Name != "" {
updateMap["name"] = req.Name
}
if req.Method != "" {
updateMap["method"] = req.Method
}
@ -63,6 +71,7 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
err1 = l.svcCtx.AllModels.LdapApis.UpdateOne(l.ctx, resOne, updateMap)
} else {
err1 = l.svcCtx.AllModels.LdapApis.InsertOne(l.ctx, gmodel.LdapApis{
Name: &req.Name,
Method: &req.Method,
Path: &req.Path,
Category: &req.Category,

3
server/ldap-admin/internal/svc/servicecontext.go
View File

@ -5,6 +5,7 @@ import (
"fusenapi/model/gmodel"
"fusenapi/server/ldap-admin/internal/config"
"fusenapi/utils/ldap_lib"
"gorm.io/gorm"
)
@ -24,6 +25,6 @@ func NewServiceContext(c config.Config) *ServiceContext {
MysqlConn: conn,
AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)),
RabbitMq: initalize.InitRabbitMq(c.SourceRabbitMq, nil),
Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret),
Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret, conn),
}
}

1
server/ldap-admin/internal/types/types.go
View File

@ -67,6 +67,7 @@ type GetApisReq struct {
type SaveApiReq struct {
Id int64 `json:"id"`
Name string `json:"name"`
Method string `json:"method"`
Path string `json:"path"`
Category string `json:"category"`

5
server_api/ldap-admin.api
View File

@ -22,7 +22,7 @@ service ldap-admin {
//删除权限组
@handler DeleteLdapGroupHandler
post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response);
//权限组授权
@handler SetLdapGroupAuthHandler
post /api/ldap-admin/set_ldap_group_auth(SetLdapGroupAuthReq) returns (response);
@ -35,7 +35,7 @@ service ldap-admin {
//删除API
@handler DeleteApiHandler
post /api/ldap-admin/delete_api(DeleteApiReq) returns (response);
//保存菜单
@handler SaveMenuHandler
post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
@ -153,6 +153,7 @@ type GetApisReq {
type SaveApiReq {
Id int64 `json:"id"`
Name string `json:"name"`
Method string `json:"method"`
Path string `json:"path"`
Category string `json:"category"`

82
utils/ldap_lib/auth.go
View File

@ -1,8 +1,12 @@
package ldap_lib
import (
"github.com/zeromicro/go-zero/core/logx"
"encoding/json"
"fusenapi/model/gmodel"
"fusenapi/utils/basic"
"net/http"
"github.com/zeromicro/go-zero/core/logx"
)
type LdapVerifyType string
@ -39,3 +43,79 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
}
return true
}
// 验证权限组
func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) bool {
token := r.Header.Get("Ldap-Authorization")
info, err := l.ParseJwtToken(token, l.jwtSecret)
if err != nil {
logx.Error("解析token失败", err, "----token:", token)
return false
}
//查询ldap
userInfo, err := l.GetLdapUserInfo(info.UserDN)
if err != nil {
logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
}
if userInfo.GroupId != 0 {
return false
}
var groupId = userInfo.GroupId
// var err error
// var groupId = 6
// 当前API路由
path := r.URL.Path
var infoLdapApis gmodel.LdapApis
resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
if resLdapApis.Error != nil {
err = resLdapApis.Error
logx.Error("获取ldap用户信息权限组失败", err)
return false
}
apiId := infoLdapApis.Id
var infoLdapGroup gmodel.LdapGroup
resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
if resLdapGroup.Error != nil {
err = resLdapGroup.Error
logx.Error("获取ldap用户信息权限组失败", err)
return false
}
var apiMaps = make(map[int64]string, 100)
var metadata []*GroupAuthMetadata
if infoLdapGroup.Metadata != nil {
err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
if err != nil {
basic.CodeServiceErr.Message = "系统出错"
return false
}
getAllApis(metadata, &apiMaps)
}
if _, ok := apiMaps[apiId]; ok {
return true
} else {
return false
}
}
func getAllApis(metadata []*GroupAuthMetadata, apiMaps *map[int64]string) {
apiMapsData := *apiMaps
for _, v := range metadata {
if v.Type == "api" {
apiMapsData[v.Id] = v.Name
} else if v.Type == "group" {
getAllApis(v.Metadata, apiMaps)
} else {
continue
}
}
}
type GroupAuthMetadata struct {
Id int64 `json:"id"`
Name string `json:"name"`
Type string `json:"type"`
Metadata []*GroupAuthMetadata `json:"metadata"`
}

5
utils/ldap_lib/ldap_group.go
View File

@ -5,6 +5,7 @@ import (
"strings"
"github.com/go-ldap/ldap/v3"
"gorm.io/gorm"
)
type Ldap struct {
@ -13,15 +14,17 @@ type Ldap struct {
conn *ldap.Conn
peopleGroupDN string
jwtSecret string
MysqlConn *gorm.DB
}
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string, mysqlConn *gorm.DB) *Ldap {
return &Ldap{
baseDN: baseDN,
rootDN: rootDN,
conn: conn,
peopleGroupDN: peopleGroupDN,
jwtSecret: jwtSecret,
MysqlConn: mysqlConn,
}
}