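package comm

import (
	"fmt"
	"strings"

	"applet/app/db"
	"applet/app/e"
	"applet/app/enum"
	"applet/app/md"
	"applet/app/svc"
	"applet/app/utils"
	"applet/app/utils/cache"

	"code.fnuoos.com/EggPlanet/egg_models.git/src/implement"
	enum2 "code.fnuoos.com/EggPlanet/egg_system_rules.git/enum"
	sts20150401 "github.com/alibabacloud-go/sts-20150401/v2/client"
	"github.com/aliyun/aliyun-oss-go-sdk/oss"
	"github.com/gin-gonic/gin"
)

// MenuList returns the permission-group tree (roots, their children and the
// children's children) with every node flagged IsCheck when the calling admin
// holds it, together with the list of selectable group states.
//
// IsCheck is true for super administrators, or for any group reachable through
// one of the admin's roles; it is forced to false for discarded groups.
// Groups whose ParentId points at a group that is not in the result set are
// silently dropped from the tree (the original dereferenced the lookup map
// blindly and panicked on such a row).
func MenuList(c *gin.Context) {
	engine := db.Db
	admin := svc.GetUser(c)

	groupList, err := implement.NewPermissionGroupDb(engine).FindPermissionGroupV2()
	if err != nil {
		e.OutErr(c, e.ERR_DB_ORM, err.Error())
		return
	}

	// Collect the ids of every permission group granted through the admin's roles.
	roles, err := implement.NewAdminRoleDb(engine).FindAdminRole(admin.AdmId)
	if err != nil {
		e.OutErr(c, e.ERR_DB_ORM, err.Error())
		return
	}
	roleDb := implement.NewRoleDb(engine, 0)
	granted := map[string]struct{}{}
	if roles != nil {
		for _, role := range *roles {
			groups, _, err := roleDb.FindPermissionGroupByRole(role.RoleId)
			if err != nil {
				e.OutErr(c, e.ERR_DB_ORM, err.Error())
				return
			}
			for _, g := range groups {
				granted[utils.IntToStr(g.PermissionGroup.Id)] = struct{}{}
			}
		}
	}
	isSuper := admin.IsSuperAdministrator == enum.IsSuperAdministratorTure

	// Index every group by id; `order` keeps the query order so the tree (and the
	// order of children inside it) is deterministic instead of map-iteration order.
	nodes := map[string]*md.PermissionGroupListResp{}
	var order []string
	if groupList != nil {
		for _, g := range *groupList {
			id := utils.IntToStr(g.Id)
			_, has := granted[id]
			nodes[id] = &md.PermissionGroupListResp{
				Id:       g.Id,
				Name:     g.Name,
				Key:      g.Key,
				State:    g.State,
				ParentId: g.ParentId,
				CreateAt: g.CreateAt,
				UpdateAt: g.UpdateAt,
				// Discarded groups are never checkable, whatever the admin holds.
				IsCheck: (isSuper || has) && g.State != enum.PermissionGroupStateForDiscard,
			}
			order = append(order, id)
		}
	}

	// parentOf returns the node's parent, or nil for roots and dangling ParentIds.
	parentOf := func(n *md.PermissionGroupListResp) *md.PermissionGroupListResp {
		if n.ParentId == 0 {
			return nil
		}
		return nodes[utils.IntToStr(n.ParentId)]
	}

	// Pass 1 attaches grandchildren to their (non-root) parents; pass 2 attaches
	// children to roots. Children are appended by value, so pass 2 must run after
	// pass 1 or the copies would miss their own sub-lists.
	for _, id := range order {
		n := nodes[id]
		if p := parentOf(n); p != nil && p.ParentId != 0 {
			p.SubPermissionGroupList = append(p.SubPermissionGroupList, *n)
		}
	}
	for _, id := range order {
		n := nodes[id]
		if p := parentOf(n); p != nil && p.ParentId == 0 {
			p.SubPermissionGroupList = append(p.SubPermissionGroupList, *n)
		}
	}

	var resp []*md.PermissionGroupListResp
	for _, id := range order {
		if nodes[id].ParentId == 0 {
			resp = append(resp, nodes[id])
		}
	}

	e.OutSuc(c, map[string]interface{}{
		"list": resp,
		"state": []map[string]interface{}{
			{
				"name":  enum.PermissionGroupState(enum.PermissionGroupStateForNormal).String(),
				"value": enum.PermissionGroupStateForNormal,
			},
			{
				"name":  enum.PermissionGroupState(enum.PermissionGroupStateForDiscard).String(),
				"value": enum.PermissionGroupStateForDiscard,
			},
		},
	}, nil)
}

// ImgReqUploadReq is the body of GetOssUrl: the OSS object key the client wants
// to upload to and the Content-Type it will send on the PUT.
type ImgReqUploadReq struct {
	FileName    string `json:"file_name" binding:"required" example:"文件名"`
	ContentType string `json:"content_type,required" binding:"required" example:"image/jpeg"`
}

// ImgReqUploadResp documents the shape of a signed-upload-URL response.
// Note that CommOss currently writes the bare URL string, not this struct.
type ImgReqUploadResp struct {
	SignUrl string `json:"sign_url" example:"签名上传url"`
}

// signedURLTTLSeconds is the lifetime of a pre-signed PUT URL issued by CommOss.
const signedURLTTLSeconds = 60 * 5

// GetOssUrl
// @Summary Common-Object storage-Signed upload URL (get)
// @Tags Object storage
// @Description Returns a pre-signed OSS PUT URL for the requested object key.
// @Accept json
// @Produce json
// @param Authorization header string true "Bearer and the token, joined by a space"
// @Param req body comm.ImgReqUploadReq true "signed upload url request"
// @Success 200 {string} "signed url"
// @Failure 400 {object} md.Response "error details"
// @Router /api/comm/getOssUrl [POST]
func GetOssUrl(c *gin.Context) {
	var args ImgReqUploadReq
	if err := c.ShouldBindJSON(&args); err != nil {
		// HandleValidateErr maps binding failures to an e.E. The original asserted
		// the result unchecked, which panics if it is ever something else.
		var verr error = svc.HandleValidateErr(err)
		ve, ok := verr.(e.E)
		if !ok {
			e.OutErr(c, e.ERR, verr.Error())
			return
		}
		e.OutErr(c, ve.Code, ve.Error())
		return
	}
	CommOss(c, args)
}

// validObjectKey rejects object keys that are empty, contain control characters
// or contain a ".." path segment. OSS keys are flat strings, so this is only a
// sanity check against obviously malformed input, not an authorization control.
func validObjectKey(key string) bool {
	if key == "" {
		return false
	}
	for i := 0; i < len(key); i++ {
		if key[i] < 0x20 || key[i] == 0x7f {
			return false
		}
	}
	for _, seg := range strings.Split(key, "/") {
		if seg == ".." {
			return false
		}
	}
	return true
}

// loadSysCfg reads every system-config row into a key→value map. It borrows a
// pooled redis connection for the lookup and returns it to the pool when done
// (the original handlers never closed theirs). On failure it writes the error
// response itself and returns ok=false so the caller can simply return.
func loadSysCfg(c *gin.Context) (map[string]string, bool) {
	redisConn := cache.GetPool().Get()
	defer redisConn.Close()

	rows, err := implement.NewSysCfgDb(db.Db, redisConn).SysCfgGetAll()
	if err != nil {
		e.OutErr(c, e.ERR_DB_ORM, err.Error())
		return nil, false
	}
	if rows == nil {
		e.OutErr(c, e.ERR_CFG_CACHE, nil)
		return nil, false
	}
	cfg := make(map[string]string, len(*rows))
	for _, row := range *rows {
		cfg[row.Key] = row.Val
	}
	return cfg, true
}

// CommOss answers with a pre-signed PUT URL (valid for signedURLTTLSeconds) for
// args.FileName in the configured OSS bucket. The Content-Type is bound into the
// signature, so the client must send exactly args.ContentType on the PUT.
//
// Security: args.FileName is used verbatim as the object key, so any
// authenticated caller can obtain a PUT URL for any key in the bucket,
// including keys that already exist (overwrite). Only a structural sanity check
// is applied here; confining callers to a per-user prefix is a policy decision
// that this page does not show and must be made by the bucket owner.
func CommOss(c *gin.Context, args ImgReqUploadReq) {
	if !validObjectKey(args.FileName) {
		e.OutErr(c, e.ERR, "invalid file_name")
		return
	}

	cfgMap, ok := loadSysCfg(c)
	if !ok {
		return
	}
	endpoint := cfgMap[enum2.AliyunOssEndpoint]
	bucketName := cfgMap[enum2.AliyunOssBucketName]
	scheme := cfgMap[enum2.AliyunOssBucketScheme]
	accessKeyID := cfgMap[enum2.AliyunOssAccessKeyID]
	accessKeySecret := cfgMap[enum2.AliyunOssAccessKeySecret]
	if endpoint == "" || bucketName == "" || accessKeyID == "" || accessKeySecret == "" {
		// oss.New does not validate these; signing with an empty key would hand the
		// client a URL that can never work, so fail with the config error instead.
		e.OutErr(c, e.ERR_CFG_CACHE, nil)
		return
	}

	client, err := oss.New(scheme+"://"+endpoint, accessKeyID, accessKeySecret)
	if err != nil {
		e.OutErr(c, e.ERR, err.Error())
		return
	}
	bucket, err := client.Bucket(bucketName)
	if err != nil {
		e.OutErr(c, e.ERR, err.Error())
		return
	}

	signedURL, err := bucket.SignURL(args.FileName, oss.HTTPPut, signedURLTTLSeconds, oss.ContentType(args.ContentType))
	if err != nil {
		// Error code kept from the original for client compatibility.
		e.OutErr(c, e.ERR_AES_ENCODE, err.Error())
		return
	}
	e.OutSuc(c, signedURL, nil)
}

// STSVoucherRedisKey is the cache key holding the last issued STS credential
// set. It is a single global key: every caller of GetSTSVoucher receives the
// same temporary credentials until they expire, so the assumed role's policy
// is the only thing scoping what each caller can do with them.
const STSVoucherRedisKey = "STS_Voucher_Cache_Key"

const (
	// stsDurationSeconds is the requested lifetime of the assumed-role credentials.
	stsDurationSeconds = 3600
	// stsCacheSlackSeconds is subtracted from the cache TTL so a caller never
	// receives a cached token that expires before its upload completes.
	stsCacheSlackSeconds = 60
)

// GetSTSVoucherResp is the payload of GetSTSVoucher.
type GetSTSVoucherResp struct {
	STSToken sts20150401.AssumeRoleResponseBodyCredentials `json:"sts_token"` // STS credentials
	Bucket   string                                        `json:"bucket"`    // OSS bucket name
	Region   string                                        `json:"region"`    // region the bucket lives in
}

// newSTSVoucherResp packs credentials with the bucket name and region from config.
// NOTE(review): Region is the bucket name up to its first '.', as in the original;
// whether sys_cfg really stores "<region>.<…>" in the bucket field cannot be
// confirmed from this file.
func newSTSVoucherResp(creds sts20150401.AssumeRoleResponseBodyCredentials, cfgMap map[string]string) GetSTSVoucherResp {
	bucket := cfgMap[enum2.AliyunOssBucketName]
	return GetSTSVoucherResp{
		STSToken: creds,
		Bucket:   bucket,
		Region:   strings.Split(bucket, ".")[0],
	}
}

// assumeUploadRole calls STS AssumeRole with the assume-role key pair and role
// ARN from system config, caches the returned credentials under
// STSVoucherRedisKey and returns them. On failure it writes the error response
// and returns ok=false.
//
// Security: the key pair and ARN now come from sys_cfg. A long-lived RAM access
// key, its secret and the role ARN were previously hard-coded in this function
// and committed to source; that key must be treated as compromised and rotated
// regardless of this change.
func assumeUploadRole(c *gin.Context, cfgMap map[string]string) (sts20150401.AssumeRoleResponseBodyCredentials, bool) {
	var none sts20150401.AssumeRoleResponseBodyCredentials

	accessKeyID := cfgMap[enum2.AliyunOssAssumeRoleAccessKeyID]
	accessKeySecret := cfgMap[enum2.AliyunOssAssumeRoleAccessKeySecret]
	roleARN := cfgMap[enum2.AliyunOssAssumeRoleARN]
	if accessKeyID == "" || accessKeySecret == "" || roleARN == "" {
		e.OutErr(c, e.ERR_CFG_CACHE, nil)
		return none, false
	}

	// The STS endpoint is derived from the OSS endpoint, which is expected to look
	// like "oss-<region>-<zone>.<domain>". Indexing blindly panicked on a short or
	// empty value; treat that as a configuration error instead.
	parts := strings.Split(cfgMap[enum2.AliyunOssEndpoint], "-")
	if len(parts) < 3 {
		e.OutErr(c, e.ERR_CFG_CACHE, nil)
		return none, false
	}
	stsEndpoint := fmt.Sprintf("sts.%s-%s", parts[1], parts[2])

	client, err := svc.CreateSTSClient(&accessKeyID, &accessKeySecret, &stsEndpoint)
	if err != nil {
		e.OutErr(c, e.ERR, err.Error())
		return none, false
	}
	roleSessionName := "STSRam"
	resp, err := svc.AssumeRole(client, &roleARN, &roleSessionName, int64(stsDurationSeconds))
	if err != nil {
		e.OutErr(c, e.ERR, err.Error())
		return none, false
	}
	if resp.Body == nil || resp.Body.Credentials == nil {
		e.OutErr(c, e.ERR, "sts: response carries no credentials")
		return none, false
	}

	// Cache for slightly less than the credential lifetime (see stsCacheSlackSeconds).
	cache.SetEx(STSVoucherRedisKey, utils.SerializeStr(resp.Body.Credentials), stsDurationSeconds-stsCacheSlackSeconds)
	return *resp.Body.Credentials, true
}

// GetSTSVoucher
// @Summary Common-Object storage-Temporary STS credentials (get)
// @Tags Object storage
// @Description Returns cached or freshly assumed STS credentials for uploading to OSS.
// @Accept json
// @Produce json
// @param Authorization header string true "Bearer and the token, joined by a space"
// @Success 200 {object} comm.GetSTSVoucherResp "credentials and bucket info"
// @Failure 400 {object} md.Response "error details"
// @Router /api/comm/getSTSVoucher [GET]
func GetSTSVoucher(c *gin.Context) {
	cfgMap, ok := loadSysCfg(c)
	if !ok {
		return
	}

	cached, err := cache.GetString(STSVoucherRedisKey)
	if err == nil {
		var creds sts20150401.AssumeRoleResponseBodyCredentials
		// NOTE(review): Unserialize's result is not checked here (as in the
		// original); a corrupt cache entry would yield empty credentials.
		utils.Unserialize([]byte(cached), &creds)
		e.OutSuc(c, newSTSVoucherResp(creds, cfgMap), nil)
		return
	}
	// The cache wrapper does not surface redigo's ErrNil, so a miss can only be
	// told apart from a real redis failure by its message.
	if err.Error() != "redigo: nil returned" {
		e.OutErr(c, e.ERR, nil)
		return
	}

	creds, ok := assumeUploadRole(c, cfgMap)
	if !ok {
		return
	}
	e.OutSuc(c, newSTSVoucherResp(creds, cfgMap), nil)
}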