蛋蛋星球 后台端
 
 
 
 

356 рядки
11 KiB

  1. package comm
  2. import (
  3. "applet/app/db"
  4. "applet/app/e"
  5. "applet/app/enum"
  6. "applet/app/md"
  7. "applet/app/svc"
  8. "applet/app/utils"
  9. "applet/app/utils/cache"
  10. "applet/app/utils/logx"
  11. "code.fnuoos.com/EggPlanet/egg_models.git/src/dao"
  12. "code.fnuoos.com/EggPlanet/egg_models.git/src/implement"
  13. enum2 "code.fnuoos.com/EggPlanet/egg_system_rules.git/enum"
  14. "fmt"
  15. sts20150401 "github.com/alibabacloud-go/sts-20150401/v2/client"
  16. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  17. "github.com/gin-gonic/gin"
  18. "strings"
  19. )
  20. // MenuList
  21. // @Summary 通用请求-权限列表-菜单栏列表(获取)
  22. // @Tags 权限列表
  23. // @Description 菜单栏列表(获取)
  24. // @Accept json
  25. // @Produce json
  26. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  27. // @Success 200 {object} map[string]interface{} "具体路由"
  28. // @Failure 400 {object} md.Response "具体错误"
  29. // @Router /api/comm/getMenuList [POST]
  30. func MenuList(c *gin.Context) {
  31. engine := db.Db
  32. admin := svc.GetUser(c)
  33. qrcodeWithBatchRecordsDb := implement.NewPermissionGroupDb(engine)
  34. groupList, err := qrcodeWithBatchRecordsDb.FindPermissionGroup()
  35. if err != nil {
  36. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  37. return
  38. }
  39. // 1、查询出当前用户所有角色
  40. adminRoleDb := implement.NewAdminRoleDb(engine)
  41. roles, err := adminRoleDb.FindAdminRole(admin.AdmId)
  42. if err != nil {
  43. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  44. return
  45. }
  46. roleDb := implement.NewRoleDb(engine, 0)
  47. var adminHasPermissionGroupIds []string
  48. for _, v := range *roles {
  49. list, _, err1 := roleDb.FindPermissionGroupByRole(v.RoleId)
  50. if err1 != nil {
  51. e.OutErr(c, e.ERR_DB_ORM, err1.Error())
  52. return
  53. }
  54. for _, v1 := range list {
  55. adminHasPermissionGroupIds = append(adminHasPermissionGroupIds, utils.IntToStr(v1.PermissionGroup.Id))
  56. }
  57. }
  58. var tempRespMap = map[string]*md.PermissionGroupListResp{}
  59. var tempRespMapKeys []string
  60. for _, v := range *groupList {
  61. var isCheck bool
  62. if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure {
  63. isCheck = true
  64. } else {
  65. isCheck = false
  66. }
  67. if utils.InArr(utils.IntToStr(v.Id), adminHasPermissionGroupIds) {
  68. isCheck = true
  69. }
  70. if v.State == enum.PermissionGroupStateForDiscard {
  71. isCheck = false
  72. }
  73. tempRespMap[utils.IntToStr(v.Id)] = &md.PermissionGroupListResp{
  74. Id: v.Id,
  75. Name: v.Name,
  76. Key: v.Key,
  77. State: v.State,
  78. ParentId: v.ParentId,
  79. CreateAt: v.CreateAt,
  80. UpdateAt: v.UpdateAt,
  81. IsCheck: isCheck,
  82. }
  83. tempRespMapKeys = append(tempRespMapKeys, utils.IntToStr(v.Id))
  84. }
  85. for _, v := range tempRespMap {
  86. if v.ParentId != 0 && tempRespMap[utils.IntToStr(v.ParentId)].ParentId != 0 {
  87. tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList = append(tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList, *v)
  88. }
  89. }
  90. for _, v := range tempRespMap {
  91. if v.ParentId != 0 && tempRespMap[utils.IntToStr(v.ParentId)].ParentId == 0 {
  92. tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList = append(tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList, *v)
  93. }
  94. }
  95. var resp []*md.PermissionGroupListResp
  96. for _, v := range tempRespMapKeys {
  97. if tempRespMap[v].ParentId == 0 {
  98. resp = append(resp, tempRespMap[v])
  99. }
  100. }
  101. e.OutSuc(c, map[string]interface{}{
  102. "list": resp,
  103. "state": []map[string]interface{}{
  104. {
  105. "name": enum.PermissionGroupState(enum.PermissionGroupStateForNormal).String(),
  106. "value": enum.PermissionGroupStateForNormal,
  107. },
  108. {
  109. "name": enum.PermissionGroupState(enum.PermissionGroupStateForDiscard).String(),
  110. "value": enum.PermissionGroupStateForDiscard,
  111. },
  112. },
  113. }, nil)
  114. return
  115. }
  116. type ImgReqUploadReq struct {
  117. FileName string `json:"file_name" binding:"required" example:"文件名"`
  118. ContentType string `json:"content_type,required" binding:"required" example:"image/jpeg"`
  119. }
  120. type ImgReqUploadResp struct {
  121. SignUrl string `json:"sign_url" example:"签名上传url"`
  122. }
  123. // GetOssUrl
  124. // @Summary 通用请求-对象存储-上传许可链接(获取)
  125. // @Tags 对象存储
  126. // @Description 上传许可链接(获取)
  127. // @Accept json
  128. // @Produce json
  129. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  130. // @Param req body comm.ImgReqUploadReq true "签名上传url"
  131. // @Success 200 {string} "许可链接"
  132. // @Failure 400 {object} md.Response "具体错误"
  133. // @Router /api/comm/getOssUrl [POST]
  134. func GetOssUrl(c *gin.Context) {
  135. var args ImgReqUploadReq
  136. err := c.ShouldBindJSON(&args)
  137. if err != nil {
  138. err = svc.HandleValidateErr(err)
  139. err1 := err.(e.E)
  140. e.OutErr(c, err1.Code, err1.Error())
  141. return
  142. }
  143. CommOss(c, args)
  144. }
  145. func CommOss(c *gin.Context, args ImgReqUploadReq) {
  146. redisConn := cache.GetPool().Get()
  147. sysCfgDb := implement.NewSysCfgDb(db.Db, redisConn)
  148. defer func(sysCfgDb dao.SysCfgDao) {
  149. err := sysCfgDb.Close()
  150. if err != nil {
  151. logx.Error("redis close err:" + err.Error()) // 记录错误信息
  152. }
  153. }(sysCfgDb)
  154. sysCfgs, err := sysCfgDb.SysCfgGetAll()
  155. if err != nil {
  156. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  157. return
  158. }
  159. if sysCfgs == nil {
  160. e.OutErr(c, e.ERR_CFG_CACHE, nil)
  161. return
  162. }
  163. cfgMap := make(map[string]string, len(*sysCfgs))
  164. for _, cfg := range *sysCfgs {
  165. cfgMap[cfg.Key] = cfg.Val
  166. }
  167. endpoint := cfgMap[enum2.AliyunOssEndpoint]
  168. bucketName := cfgMap[enum2.AliyunOssBucketName]
  169. ossBucketScheme := cfgMap[enum2.AliyunOssBucketScheme]
  170. accessKeyID := cfgMap[enum2.AliyunOssAccessKeyID]
  171. accessKeySecret := cfgMap[enum2.AliyunOssAccessKeySecret]
  172. // 创建OSSClient实例。
  173. client, err := oss.New(ossBucketScheme+"://"+endpoint, accessKeyID, accessKeySecret)
  174. if err != nil {
  175. e.OutErr(c, e.ERR, err.Error())
  176. return
  177. }
  178. // 获取存储空间。
  179. bucket, err := client.Bucket(bucketName)
  180. if err != nil {
  181. e.OutErr(c, e.ERR, err.Error())
  182. return
  183. }
  184. options := []oss.Option{
  185. oss.ContentType(args.ContentType),
  186. }
  187. signedURL, err := bucket.SignURL(args.FileName, oss.HTTPPut, 60*5, options...)
  188. if err != nil {
  189. e.OutErr(c, e.ERR_AES_ENCODE, err.Error())
  190. return
  191. }
  192. e.OutSuc(c, signedURL, nil)
  193. }
  194. const STSVoucherRedisKey = "STS_Voucher_Cache_Key"
  195. type GetSTSVoucherResp struct {
  196. STSToken sts20150401.AssumeRoleResponseBodyCredentials `json:"sts_token"` // STS 凭证
  197. Bucket string `json:"bucket"` // oss 桶名称
  198. Region string `json:"region"` // 所在地域
  199. }
  200. // GetSTSVoucher
  201. // @Summary 通用请求-打包机使用-STS临时访问凭证(获取)
  202. // @Tags 打包机使用
  203. // @Description STS临时访问凭证(获取)
  204. // @Accept json
  205. // @Produce json
  206. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  207. // @Success 200 {object} comm.GetSTSVoucherResp "凭证及其他信息"
  208. // @Failure 400 {object} md.Response "具体错误"
  209. // @Router /api/getSTSVoucher [GET]
  210. func GetSTSVoucher(c *gin.Context) {
  211. redisConn := cache.GetPool().Get()
  212. sysCfgDb := implement.NewSysCfgDb(db.Db, redisConn)
  213. defer func(sysCfgDb dao.SysCfgDao) {
  214. err := sysCfgDb.Close()
  215. if err != nil {
  216. logx.Error("redis close err:" + err.Error()) // 记录错误信息
  217. }
  218. }(sysCfgDb)
  219. sysCfgs, err := sysCfgDb.SysCfgGetAll()
  220. if err != nil {
  221. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  222. return
  223. }
  224. if sysCfgs == nil {
  225. e.OutErr(c, e.ERR_CFG_CACHE, nil)
  226. return
  227. }
  228. cfgMap := make(map[string]string, len(*sysCfgs))
  229. for _, cfg := range *sysCfgs {
  230. cfgMap[cfg.Key] = cfg.Val
  231. }
  232. endpoint := cfgMap[enum2.AliyunOssEndpoint]
  233. redisKey := STSVoucherRedisKey
  234. redisValue, err := cache.GetString(redisKey)
  235. if err != nil {
  236. if err.Error() == "redigo: nil returned" {
  237. assumeRoleAccessKeyID := cfgMap[enum2.AliyunOssAssumeRoleAccessKeyID]
  238. assumeRoleAccessKeySecret := cfgMap[enum2.AliyunOssAssumeRoleAccessKeySecret]
  239. assumeRoleARN := cfgMap[enum2.AliyunOssAssumeRoleARN]
  240. roleSessionName := "STSRam"
  241. endpointList := strings.Split(endpoint, "-")
  242. stsEndPoint := fmt.Sprintf("sts.%s-%s", endpointList[1], endpointList[2])
  243. client, err := svc.CreateSTSClient(&assumeRoleAccessKeyID, &assumeRoleAccessKeySecret, &stsEndPoint)
  244. if err != nil {
  245. e.OutErr(c, e.ERR, err.Error())
  246. return
  247. }
  248. roleArn := assumeRoleARN
  249. durationSeconds := 3600
  250. assumeRoleResponse, err := svc.AssumeRole(client, &roleArn, &roleSessionName, int64(durationSeconds))
  251. if err != nil {
  252. e.OutErr(c, e.ERR, err.Error())
  253. return
  254. }
  255. CredentialsStr := utils.SerializeStr(assumeRoleResponse.Body.Credentials)
  256. // 提早 60s 释放,避免能拿到令牌但无法上传
  257. cache.SetEx(redisKey, CredentialsStr, durationSeconds-60)
  258. credentials := sts20150401.AssumeRoleResponseBodyCredentials{
  259. AccessKeyId: assumeRoleResponse.Body.Credentials.AccessKeyId,
  260. AccessKeySecret: assumeRoleResponse.Body.Credentials.AccessKeySecret,
  261. Expiration: assumeRoleResponse.Body.Credentials.Expiration,
  262. SecurityToken: assumeRoleResponse.Body.Credentials.SecurityToken,
  263. }
  264. bucket := cfgMap[enum2.AliyunOssBucketName]
  265. region := strings.Split(endpoint, ".")[0]
  266. resp := GetSTSVoucherResp{
  267. STSToken: credentials,
  268. Bucket: bucket,
  269. Region: region,
  270. }
  271. e.OutSuc(c, resp, nil)
  272. return
  273. } else {
  274. e.OutErr(c, e.ERR, nil)
  275. return
  276. }
  277. }
  278. var credentials sts20150401.AssumeRoleResponseBodyCredentials
  279. utils.Unserialize([]byte(redisValue), &credentials)
  280. bucket := cfgMap[enum2.AliyunOssBucketName]
  281. region := strings.Split(endpoint, ".")[0]
  282. resp := GetSTSVoucherResp{
  283. STSToken: credentials,
  284. Bucket: bucket,
  285. Region: region,
  286. }
  287. e.OutSuc(c, resp, nil)
  288. return
  289. }
  290. type GetAdminInfoResp struct {
  291. AdmId int `json:"adm_id"` // 管理员id
  292. Username string `json:"username"` // 用户名
  293. State int `json:"state"` // 状态(1:正常 2:冻结)
  294. IsSuperAdministrator int `json:"is_super_administrator"` // 是否为超级管理员(0:否 1:是)
  295. Memo string `json:"memo"` // 备注信息
  296. }
  297. // GetAdminInfo
  298. // @Summary 通用请求-获取管理员信息
  299. // @Tags 通用请求
  300. // @Description 获取管理员信息
  301. // @Accept json
  302. // @Produce json
  303. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  304. // @Success 200 {object} GetAdminInfoResp "管理员信息"
  305. // @Failure 400 {object} md.Response "具体错误"
  306. // @Router /api/comm/adminInfo [POST]
  307. func GetAdminInfo(c *gin.Context) {
  308. admin := svc.GetUser(c)
  309. resp := GetAdminInfoResp{
  310. AdmId: admin.AdmId,
  311. Username: admin.Username,
  312. State: admin.State,
  313. IsSuperAdministrator: admin.IsSuperAdministrator,
  314. Memo: admin.Memo,
  315. }
  316. e.OutSuc(c, resp, nil)
  317. }