权限检验中间件
This commit is contained in:
parent
205767efd5
commit
4889590b35
|
@ -11,9 +11,9 @@ type FsProductTemplateV2 struct {
|
||||||
ModelId *int64 `gorm:"default:0;" json:"model_id"` // 模型ID
|
ModelId *int64 `gorm:"default:0;" json:"model_id"` // 模型ID
|
||||||
Title *string `gorm:"default:'';" json:"title"` // 模板(sku),预留字段
|
Title *string `gorm:"default:'';" json:"title"` // 模板(sku),预留字段
|
||||||
Name *string `gorm:"default:'';" json:"name"` // 名称
|
Name *string `gorm:"default:'';" json:"name"` // 名称
|
||||||
CoverImg *string `gorm:"default:'';" json:"cover_img"` // 模板背景图
|
CoverImg *string `gorm:"default:'';" json:"cover_img"` //
|
||||||
TemplateInfo *string `gorm:"default:'';" json:"template_info"` // 模板详情
|
TemplateInfo *string `gorm:"default:'';" json:"template_info"` // 模板详情
|
||||||
MaterialImg *string `gorm:"default:'';" json:"material_img"` // 合成好的贴图
|
MaterialImg *string `gorm:"default:'';" json:"material_img"` //
|
||||||
Sort *int64 `gorm:"default:0;" json:"sort"` // 排序
|
Sort *int64 `gorm:"default:0;" json:"sort"` // 排序
|
||||||
LogoWidth *int64 `gorm:"default:0;" json:"logo_width"` // logo图最大宽度
|
LogoWidth *int64 `gorm:"default:0;" json:"logo_width"` // logo图最大宽度
|
||||||
LogoHeight *int64 `gorm:"default:0;" json:"logo_height"` // logo图最大高度
|
LogoHeight *int64 `gorm:"default:0;" json:"logo_height"` // logo图最大高度
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
// ldap_apis api表
|
// ldap_apis api表
|
||||||
type LdapApis struct {
|
type LdapApis struct {
|
||||||
Id int64 `gorm:"primary_key;default:0;auto_increment;" json:"id"` //
|
Id int64 `gorm:"primary_key;default:0;auto_increment;" json:"id"` //
|
||||||
|
Name *string `gorm:"default:'';" json:"name"` //
|
||||||
Method *string `gorm:"default:'';" json:"method"` //
|
Method *string `gorm:"default:'';" json:"method"` //
|
||||||
Path *string `gorm:"default:'';" json:"path"` //
|
Path *string `gorm:"default:'';" json:"path"` //
|
||||||
Category *string `gorm:"default:'';" json:"category"` //
|
Category *string `gorm:"default:'';" json:"category"` //
|
||||||
|
|
|
@ -15,7 +15,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||||
return func(w http.ResponseWriter, r *http.Request) {
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
||||||
var req types.SaveApiReq
|
var req types.SaveApiReq
|
||||||
userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
|
_, err := basic.RequestParse(w, r, svcCtx, &req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
|
||||||
rl := reflect.ValueOf(l)
|
rl := reflect.ValueOf(l)
|
||||||
basic.BeforeLogic(w, r, rl)
|
basic.BeforeLogic(w, r, rl)
|
||||||
|
|
||||||
resp := l.SaveApi(&req, userinfo)
|
resp := l.SaveApi(&req, r)
|
||||||
|
|
||||||
if !basic.AfterLogic(w, r, rl, resp) {
|
if !basic.AfterLogic(w, r, rl, resp) {
|
||||||
basic.NormalAfterLogic(w, r, resp)
|
basic.NormalAfterLogic(w, r, resp)
|
||||||
|
|
|
@ -3,8 +3,8 @@ package logic
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fusenapi/model/gmodel"
|
"fusenapi/model/gmodel"
|
||||||
"fusenapi/utils/auth"
|
|
||||||
"fusenapi/utils/basic"
|
"fusenapi/utils/basic"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
|
@ -33,9 +33,14 @@ func NewSaveApiLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SaveApiLo
|
||||||
// func (l *SaveApiLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
|
// func (l *SaveApiLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
|
||||||
// }
|
// }
|
||||||
|
|
||||||
func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (resp *basic.Response) {
|
func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, r *http.Request) (resp *basic.Response) {
|
||||||
// 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
|
// 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
|
||||||
// userinfo 传入值时, 一定不为null
|
// userinfo 传入值时, 一定不为null
|
||||||
|
|
||||||
|
if !l.svcCtx.Ldap.VerifyAuthorityGroup(r) {
|
||||||
|
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||||
|
}
|
||||||
|
|
||||||
var err1 error
|
var err1 error
|
||||||
if req.Id > 0 {
|
if req.Id > 0 {
|
||||||
resOne, err := l.svcCtx.AllModels.LdapApis.FindOneById(l.ctx, req.Id)
|
resOne, err := l.svcCtx.AllModels.LdapApis.FindOneById(l.ctx, req.Id)
|
||||||
|
@ -48,6 +53,9 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
|
||||||
return resp.SetStatus(basic.CodeServiceErr)
|
return resp.SetStatus(basic.CodeServiceErr)
|
||||||
}
|
}
|
||||||
var updateMap = make(map[string]interface{})
|
var updateMap = make(map[string]interface{})
|
||||||
|
if req.Name != "" {
|
||||||
|
updateMap["name"] = req.Name
|
||||||
|
}
|
||||||
if req.Method != "" {
|
if req.Method != "" {
|
||||||
updateMap["method"] = req.Method
|
updateMap["method"] = req.Method
|
||||||
}
|
}
|
||||||
|
@ -63,6 +71,7 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
|
||||||
err1 = l.svcCtx.AllModels.LdapApis.UpdateOne(l.ctx, resOne, updateMap)
|
err1 = l.svcCtx.AllModels.LdapApis.UpdateOne(l.ctx, resOne, updateMap)
|
||||||
} else {
|
} else {
|
||||||
err1 = l.svcCtx.AllModels.LdapApis.InsertOne(l.ctx, gmodel.LdapApis{
|
err1 = l.svcCtx.AllModels.LdapApis.InsertOne(l.ctx, gmodel.LdapApis{
|
||||||
|
Name: &req.Name,
|
||||||
Method: &req.Method,
|
Method: &req.Method,
|
||||||
Path: &req.Path,
|
Path: &req.Path,
|
||||||
Category: &req.Category,
|
Category: &req.Category,
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"fusenapi/model/gmodel"
|
"fusenapi/model/gmodel"
|
||||||
"fusenapi/server/ldap-admin/internal/config"
|
"fusenapi/server/ldap-admin/internal/config"
|
||||||
"fusenapi/utils/ldap_lib"
|
"fusenapi/utils/ldap_lib"
|
||||||
|
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -24,6 +25,6 @@ func NewServiceContext(c config.Config) *ServiceContext {
|
||||||
MysqlConn: conn,
|
MysqlConn: conn,
|
||||||
AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)),
|
AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)),
|
||||||
RabbitMq: initalize.InitRabbitMq(c.SourceRabbitMq, nil),
|
RabbitMq: initalize.InitRabbitMq(c.SourceRabbitMq, nil),
|
||||||
Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret),
|
Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret, conn),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -67,6 +67,7 @@ type GetApisReq struct {
|
||||||
|
|
||||||
type SaveApiReq struct {
|
type SaveApiReq struct {
|
||||||
Id int64 `json:"id"`
|
Id int64 `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
Method string `json:"method"`
|
Method string `json:"method"`
|
||||||
Path string `json:"path"`
|
Path string `json:"path"`
|
||||||
Category string `json:"category"`
|
Category string `json:"category"`
|
||||||
|
|
|
@ -22,7 +22,7 @@ service ldap-admin {
|
||||||
//删除权限组
|
//删除权限组
|
||||||
@handler DeleteLdapGroupHandler
|
@handler DeleteLdapGroupHandler
|
||||||
post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response);
|
post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response);
|
||||||
|
|
||||||
//权限组授权
|
//权限组授权
|
||||||
@handler SetLdapGroupAuthHandler
|
@handler SetLdapGroupAuthHandler
|
||||||
post /api/ldap-admin/set_ldap_group_auth(SetLdapGroupAuthReq) returns (response);
|
post /api/ldap-admin/set_ldap_group_auth(SetLdapGroupAuthReq) returns (response);
|
||||||
|
@ -35,7 +35,7 @@ service ldap-admin {
|
||||||
//删除API
|
//删除API
|
||||||
@handler DeleteApiHandler
|
@handler DeleteApiHandler
|
||||||
post /api/ldap-admin/delete_api(DeleteApiReq) returns (response);
|
post /api/ldap-admin/delete_api(DeleteApiReq) returns (response);
|
||||||
|
|
||||||
//保存菜单
|
//保存菜单
|
||||||
@handler SaveMenuHandler
|
@handler SaveMenuHandler
|
||||||
post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
|
post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
|
||||||
|
@ -153,6 +153,7 @@ type GetApisReq {
|
||||||
|
|
||||||
type SaveApiReq {
|
type SaveApiReq {
|
||||||
Id int64 `json:"id"`
|
Id int64 `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
Method string `json:"method"`
|
Method string `json:"method"`
|
||||||
Path string `json:"path"`
|
Path string `json:"path"`
|
||||||
Category string `json:"category"`
|
Category string `json:"category"`
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
package ldap_lib
|
package ldap_lib
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/zeromicro/go-zero/core/logx"
|
"encoding/json"
|
||||||
|
"fusenapi/model/gmodel"
|
||||||
|
"fusenapi/utils/basic"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/zeromicro/go-zero/core/logx"
|
||||||
)
|
)
|
||||||
|
|
||||||
type LdapVerifyType string
|
type LdapVerifyType string
|
||||||
|
@ -39,3 +43,79 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 验证权限组
|
||||||
|
func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) bool {
|
||||||
|
token := r.Header.Get("Ldap-Authorization")
|
||||||
|
info, err := l.ParseJwtToken(token, l.jwtSecret)
|
||||||
|
if err != nil {
|
||||||
|
logx.Error("解析token失败", err, "----token:", token)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
//查询ldap
|
||||||
|
userInfo, err := l.GetLdapUserInfo(info.UserDN)
|
||||||
|
if err != nil {
|
||||||
|
logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
|
||||||
|
}
|
||||||
|
if userInfo.GroupId != 0 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
var groupId = userInfo.GroupId
|
||||||
|
|
||||||
|
// var err error
|
||||||
|
// var groupId = 6
|
||||||
|
|
||||||
|
// 当前API路由
|
||||||
|
path := r.URL.Path
|
||||||
|
var infoLdapApis gmodel.LdapApis
|
||||||
|
resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
|
||||||
|
if resLdapApis.Error != nil {
|
||||||
|
err = resLdapApis.Error
|
||||||
|
logx.Error("获取ldap用户信息权限组失败", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
apiId := infoLdapApis.Id
|
||||||
|
|
||||||
|
var infoLdapGroup gmodel.LdapGroup
|
||||||
|
resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
|
||||||
|
if resLdapGroup.Error != nil {
|
||||||
|
err = resLdapGroup.Error
|
||||||
|
logx.Error("获取ldap用户信息权限组失败", err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
var apiMaps = make(map[int64]string, 100)
|
||||||
|
var metadata []*GroupAuthMetadata
|
||||||
|
if infoLdapGroup.Metadata != nil {
|
||||||
|
err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
|
||||||
|
if err != nil {
|
||||||
|
basic.CodeServiceErr.Message = "系统出错"
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
getAllApis(metadata, &apiMaps)
|
||||||
|
}
|
||||||
|
if _, ok := apiMaps[apiId]; ok {
|
||||||
|
return true
|
||||||
|
} else {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getAllApis(metadata []*GroupAuthMetadata, apiMaps *map[int64]string) {
|
||||||
|
apiMapsData := *apiMaps
|
||||||
|
for _, v := range metadata {
|
||||||
|
if v.Type == "api" {
|
||||||
|
apiMapsData[v.Id] = v.Name
|
||||||
|
} else if v.Type == "group" {
|
||||||
|
getAllApis(v.Metadata, apiMaps)
|
||||||
|
} else {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type GroupAuthMetadata struct {
|
||||||
|
Id int64 `json:"id"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
Type string `json:"type"`
|
||||||
|
Metadata []*GroupAuthMetadata `json:"metadata"`
|
||||||
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/go-ldap/ldap/v3"
|
"github.com/go-ldap/ldap/v3"
|
||||||
|
"gorm.io/gorm"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Ldap struct {
|
type Ldap struct {
|
||||||
|
@ -13,15 +14,17 @@ type Ldap struct {
|
||||||
conn *ldap.Conn
|
conn *ldap.Conn
|
||||||
peopleGroupDN string
|
peopleGroupDN string
|
||||||
jwtSecret string
|
jwtSecret string
|
||||||
|
MysqlConn *gorm.DB
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
|
func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string, mysqlConn *gorm.DB) *Ldap {
|
||||||
return &Ldap{
|
return &Ldap{
|
||||||
baseDN: baseDN,
|
baseDN: baseDN,
|
||||||
rootDN: rootDN,
|
rootDN: rootDN,
|
||||||
conn: conn,
|
conn: conn,
|
||||||
peopleGroupDN: peopleGroupDN,
|
peopleGroupDN: peopleGroupDN,
|
||||||
jwtSecret: jwtSecret,
|
jwtSecret: jwtSecret,
|
||||||
|
MysqlConn: mysqlConn,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user