蛋蛋星球 后台端
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
 
 
 
 

330 rader
9.9 KiB

  1. package comm
  2. import (
  3. "applet/app/db"
  4. "applet/app/e"
  5. "applet/app/enum"
  6. "applet/app/md"
  7. "applet/app/svc"
  8. "applet/app/utils"
  9. "applet/app/utils/cache"
  10. "code.fnuoos.com/EggPlanet/egg_models.git/src/implement"
  11. enum2 "code.fnuoos.com/EggPlanet/egg_system_rules.git/enum"
  12. "fmt"
  13. sts20150401 "github.com/alibabacloud-go/sts-20150401/v2/client"
  14. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  15. "github.com/gin-gonic/gin"
  16. "strings"
  17. )
  18. func MenuList(c *gin.Context) {
  19. engine := db.Db
  20. admin := svc.GetUser(c)
  21. qrcodeWithBatchRecordsDb := implement.NewPermissionGroupDb(engine)
  22. groupList, err := qrcodeWithBatchRecordsDb.FindPermissionGroupV2()
  23. if err != nil {
  24. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  25. return
  26. }
  27. // 1、查询出当前用户所有角色
  28. adminRoleDb := implement.NewAdminRoleDb(engine)
  29. roles, err := adminRoleDb.FindAdminRole(admin.AdmId)
  30. if err != nil {
  31. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  32. return
  33. }
  34. roleDb := implement.NewRoleDb(engine, 0)
  35. var adminHasPermissionGroupIds []string
  36. for _, v := range *roles {
  37. list, _, err1 := roleDb.FindPermissionGroupByRole(v.RoleId)
  38. if err1 != nil {
  39. e.OutErr(c, e.ERR_DB_ORM, err1.Error())
  40. return
  41. }
  42. for _, v1 := range list {
  43. adminHasPermissionGroupIds = append(adminHasPermissionGroupIds, utils.IntToStr(v1.PermissionGroup.Id))
  44. }
  45. }
  46. var tempRespMap = map[string]*md.PermissionGroupListResp{}
  47. var tempRespMapKeys []string
  48. for _, v := range *groupList {
  49. var isCheck bool
  50. if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure {
  51. isCheck = true
  52. } else {
  53. isCheck = false
  54. }
  55. if utils.InArr(utils.IntToStr(v.Id), adminHasPermissionGroupIds) {
  56. isCheck = true
  57. }
  58. if v.State == enum.PermissionGroupStateForDiscard {
  59. isCheck = false
  60. }
  61. tempRespMap[utils.IntToStr(v.Id)] = &md.PermissionGroupListResp{
  62. Id: v.Id,
  63. Name: v.Name,
  64. Key: v.Key,
  65. State: v.State,
  66. ParentId: v.ParentId,
  67. CreateAt: v.CreateAt,
  68. UpdateAt: v.UpdateAt,
  69. IsCheck: isCheck,
  70. }
  71. tempRespMapKeys = append(tempRespMapKeys, utils.IntToStr(v.Id))
  72. }
  73. for _, v := range tempRespMap {
  74. if v.ParentId != 0 && tempRespMap[utils.IntToStr(v.ParentId)].ParentId != 0 {
  75. tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList = append(tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList, *v)
  76. }
  77. }
  78. for _, v := range tempRespMap {
  79. if v.ParentId != 0 && tempRespMap[utils.IntToStr(v.ParentId)].ParentId == 0 {
  80. tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList = append(tempRespMap[utils.IntToStr(v.ParentId)].SubPermissionGroupList, *v)
  81. }
  82. }
  83. var resp []*md.PermissionGroupListResp
  84. for _, v := range tempRespMapKeys {
  85. if tempRespMap[v].ParentId == 0 {
  86. resp = append(resp, tempRespMap[v])
  87. }
  88. }
  89. e.OutSuc(c, map[string]interface{}{
  90. "list": resp,
  91. "state": []map[string]interface{}{
  92. {
  93. "name": enum.PermissionGroupState(enum.PermissionGroupStateForNormal).String(),
  94. "value": enum.PermissionGroupStateForNormal,
  95. },
  96. {
  97. "name": enum.PermissionGroupState(enum.PermissionGroupStateForDiscard).String(),
  98. "value": enum.PermissionGroupStateForDiscard,
  99. },
  100. },
  101. }, nil)
  102. return
  103. }
  104. type ImgReqUploadReq struct {
  105. FileName string `json:"file_name" binding:"required" example:"文件名"`
  106. ContentType string `json:"content_type,required" binding:"required" example:"image/jpeg"`
  107. }
  108. type ImgReqUploadResp struct {
  109. SignUrl string `json:"sign_url" example:"签名上传url"`
  110. }
  111. // GetOssUrl
  112. // @Summary 通用请求-对象存储-上传许可链接(获取)
  113. // @Tags 对象存储
  114. // @Description 上传许可链接(获取)
  115. // @Accept json
  116. // @Produce json
  117. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  118. // @Param req body comm.ImgReqUploadReq true "签名上传url"
  119. // @Success 200 {string} "许可链接"
  120. // @Failure 400 {object} md.Response "具体错误"
  121. // @Router /api/comm/getOssUrl [POST]
  122. func GetOssUrl(c *gin.Context) {
  123. var args ImgReqUploadReq
  124. err := c.ShouldBindJSON(&args)
  125. if err != nil {
  126. err = svc.HandleValidateErr(err)
  127. err1 := err.(e.E)
  128. e.OutErr(c, err1.Code, err1.Error())
  129. return
  130. }
  131. CommOss(c, args)
  132. }
  133. func CommOss(c *gin.Context, args ImgReqUploadReq) {
  134. redisConn := cache.GetPool().Get()
  135. sysCfgDb := implement.NewSysCfgDb(db.Db, redisConn)
  136. sysCfgs, err := sysCfgDb.SysCfgGetAll()
  137. if err != nil {
  138. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  139. return
  140. }
  141. if sysCfgs == nil {
  142. e.OutErr(c, e.ERR_CFG_CACHE, nil)
  143. return
  144. }
  145. cfgMap := make(map[string]string, len(*sysCfgs))
  146. for _, cfg := range *sysCfgs {
  147. cfgMap[cfg.Key] = cfg.Val
  148. }
  149. endpoint := cfgMap[enum2.AliyunOssEndpoint]
  150. bucketName := cfgMap[enum2.AliyunOssBucketName]
  151. ossBucketScheme := cfgMap[enum2.AliyunOssBucketScheme]
  152. accessKeyID := cfgMap[enum2.AliyunOssAccessKeyID]
  153. accessKeySecret := cfgMap[enum2.AliyunOssAccessKeySecret]
  154. // 创建OSSClient实例。
  155. client, err := oss.New(ossBucketScheme+"://"+endpoint, accessKeyID, accessKeySecret)
  156. if err != nil {
  157. e.OutErr(c, e.ERR, err.Error())
  158. return
  159. }
  160. // 获取存储空间。
  161. bucket, err := client.Bucket(bucketName)
  162. if err != nil {
  163. e.OutErr(c, e.ERR, err.Error())
  164. return
  165. }
  166. options := []oss.Option{
  167. oss.ContentType(args.ContentType),
  168. }
  169. signedURL, err := bucket.SignURL(args.FileName, oss.HTTPPut, 60*5, options...)
  170. if err != nil {
  171. e.OutErr(c, e.ERR_AES_ENCODE, err.Error())
  172. return
  173. }
  174. e.OutSuc(c, signedURL, nil)
  175. }
  176. const STSVoucherRedisKey = "STS_Voucher_Cache_Key"
  177. type GetSTSVoucherResp struct {
  178. STSToken sts20150401.AssumeRoleResponseBodyCredentials `json:"sts_token"` // STS 凭证
  179. Bucket string `json:"bucket"` // oss 桶名称
  180. Region string `json:"region"` // 所在地域
  181. }
  182. // GetSTSVoucher
  183. // @Summary 通用请求-打包机使用-STS临时访问凭证(获取)
  184. // @Tags 打包机使用
  185. // @Description STS临时访问凭证(获取)
  186. // @Accept json
  187. // @Produce json
  188. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  189. // @Success 200 {object} comm.GetSTSVoucherResp "凭证及其他信息"
  190. // @Failure 400 {object} md.Response "具体错误"
  191. // @Router /api/getSTSVoucher [GET]
  192. func GetSTSVoucher(c *gin.Context) {
  193. redisConn := cache.GetPool().Get()
  194. sysCfgDb := implement.NewSysCfgDb(db.Db, redisConn)
  195. sysCfgs, err := sysCfgDb.SysCfgGetAll()
  196. if err != nil {
  197. e.OutErr(c, e.ERR_DB_ORM, err.Error())
  198. return
  199. }
  200. if sysCfgs == nil {
  201. e.OutErr(c, e.ERR_CFG_CACHE, nil)
  202. return
  203. }
  204. cfgMap := make(map[string]string, len(*sysCfgs))
  205. for _, cfg := range *sysCfgs {
  206. cfgMap[cfg.Key] = cfg.Val
  207. }
  208. endpoint := cfgMap[enum2.AliyunOssEndpoint]
  209. redisKey := STSVoucherRedisKey
  210. redisValue, err := cache.GetString(redisKey)
  211. if err != nil {
  212. if err.Error() == "redigo: nil returned" {
  213. assumeRoleAccessKeyID := cfgMap[enum2.AliyunOssAssumeRoleAccessKeyID]
  214. assumeRoleAccessKeySecret := cfgMap[enum2.AliyunOssAssumeRoleAccessKeySecret]
  215. assumeRoleARN := cfgMap[enum2.AliyunOssAssumeRoleARN]
  216. roleSessionName := "STSRam"
  217. endpointList := strings.Split(endpoint, "-")
  218. stsEndPoint := fmt.Sprintf("sts.%s-%s", endpointList[1], endpointList[2])
  219. client, err := svc.CreateSTSClient(&assumeRoleAccessKeyID, &assumeRoleAccessKeySecret, &stsEndPoint)
  220. if err != nil {
  221. e.OutErr(c, e.ERR, err.Error())
  222. return
  223. }
  224. roleArn := assumeRoleARN
  225. durationSeconds := 3600
  226. assumeRoleResponse, err := svc.AssumeRole(client, &roleArn, &roleSessionName, int64(durationSeconds))
  227. if err != nil {
  228. e.OutErr(c, e.ERR, err.Error())
  229. return
  230. }
  231. CredentialsStr := utils.SerializeStr(assumeRoleResponse.Body.Credentials)
  232. // 提早 60s 释放,避免能拿到令牌但无法上传
  233. cache.SetEx(redisKey, CredentialsStr, durationSeconds-60)
  234. credentials := sts20150401.AssumeRoleResponseBodyCredentials{
  235. AccessKeyId: assumeRoleResponse.Body.Credentials.AccessKeyId,
  236. AccessKeySecret: assumeRoleResponse.Body.Credentials.AccessKeySecret,
  237. Expiration: assumeRoleResponse.Body.Credentials.Expiration,
  238. SecurityToken: assumeRoleResponse.Body.Credentials.SecurityToken,
  239. }
  240. bucket := cfgMap[enum2.AliyunOssBucketName]
  241. region := strings.Split(endpoint, ".")[0]
  242. resp := GetSTSVoucherResp{
  243. STSToken: credentials,
  244. Bucket: bucket,
  245. Region: region,
  246. }
  247. e.OutSuc(c, resp, nil)
  248. return
  249. } else {
  250. e.OutErr(c, e.ERR, nil)
  251. return
  252. }
  253. }
  254. var credentials sts20150401.AssumeRoleResponseBodyCredentials
  255. utils.Unserialize([]byte(redisValue), &credentials)
  256. bucket := cfgMap[enum2.AliyunOssBucketName]
  257. region := strings.Split(endpoint, ".")[0]
  258. resp := GetSTSVoucherResp{
  259. STSToken: credentials,
  260. Bucket: bucket,
  261. Region: region,
  262. }
  263. e.OutSuc(c, resp, nil)
  264. return
  265. }
  266. type GetAdminInfoResp struct {
  267. AdmId int `json:"adm_id"` // 管理员id
  268. Username string `json:"username"` // 用户名
  269. State int `json:"state"` // 状态(1:正常 2:冻结)
  270. IsSuperAdministrator int `json:"is_super_administrator"` // 是否为超级管理员(0:否 1:是)
  271. Memo string `json:"memo"` // 备注信息
  272. }
  273. // GetAdminInfo
  274. // @Summary 通用请求-获取管理员信息
  275. // @Tags 通用请求
  276. // @Description 获取管理员信息
  277. // @Accept json
  278. // @Produce json
  279. // @param Authorization header string true "验证参数Bearer和token空格拼接"
  280. // @Success 200 {object} GetAdminInfoResp "管理员信息"
  281. // @Failure 400 {object} md.Response "具体错误"
  282. // @Router /api/comm/adminInfo [POST]
  283. func GetAdminInfo(c *gin.Context) {
  284. admin := svc.GetUser(c)
  285. resp := GetAdminInfoResp{
  286. AdmId: admin.AdmId,
  287. Username: admin.Username,
  288. State: admin.State,
  289. IsSuperAdministrator: admin.IsSuperAdministrator,
  290. Memo: admin.Memo,
  291. }
  292. e.OutSuc(c, resp, nil)
  293. }