蛋蛋星球 后台端
 
 
 
 


  1. package comm
  2. import (
  3. "applet/app/db"
  4. "applet/app/e"
  5. "applet/app/enum"
  6. "applet/app/md"
  7. "applet/app/svc"
  8. "applet/app/svc/sys_cfg"
  9. "applet/app/utils"
  10. "applet/app/utils/cache"
  11. "code.fnuoos.com/EggPlanet/egg_models.git/src/implement"
  12. enum2 "code.fnuoos.com/EggPlanet/egg_system_rules.git/enum"
  13. "fmt"
  14. sts20150401 "github.com/alibabacloud-go/sts-20150401/v2/client"
  15. "github.com/aliyun/aliyun-oss-go-sdk/oss"
  16. "github.com/gin-gonic/gin"
  17. "strings"
  18. )
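  // MenuList returns the permission-group (menu) tree and marks, via IsCheck,
  // which groups the calling administrator has been granted.
  //
  // A group is checked when the caller is a super administrator or one of the
  // caller's roles grants it; a group in the discarded state is never checked.
  // The tree is assembled in the order FindPermissionGroup returned the rows, so
  // the response is stable between calls.
  //
  // NOTE(review): IsCheck only describes what is granted; it presumably drives
  // menu rendering in the front end. Access to each admin route still has to be
  // enforced server-side — confirm where that happens.
  //
  // @Summary 通用请求-权限列表-菜单栏列表(获取)
  // @Tags 权限列表
  // @Description 菜单栏列表(获取)
  // @Accept json
  // @Produce json
  // @param Authorization header string true "验证参数Bearer和token空格拼接"
  // @Success 200 {object} map[string]interface{} "具体路由"
  // @Failure 400 {object} md.Response "具体错误"
  // @Router /api/comm/getMenuList [POST]
  func MenuList(c *gin.Context) {
  	engine := db.Db
  	admin := svc.GetUser(c)

  	permissionGroupDb := implement.NewPermissionGroupDb(engine)
  	groupList, err := permissionGroupDb.FindPermissionGroup()
  	if err != nil {
  		// NOTE(review): the raw ORM error text is handed to e.OutErr; if that
  		// helper echoes it to the client it discloses schema details — confirm.
  		e.OutErr(c, e.ERR_DB_ORM, err.Error())
  		return
  	}

  	// 1. Collect every permission group granted through the caller's roles.
  	adminRoleDb := implement.NewAdminRoleDb(engine)
  	roles, err := adminRoleDb.FindAdminRole(admin.AdmId)
  	if err != nil {
  		e.OutErr(c, e.ERR_DB_ORM, err.Error())
  		return
  	}
  	roleDb := implement.NewRoleDb(engine, 0)
  	granted := make(map[string]struct{})
  	if roles != nil { // a nil result is treated as "no roles" instead of panicking
  		for _, role := range *roles {
  			list, _, err1 := roleDb.FindPermissionGroupByRole(role.RoleId)
  			if err1 != nil {
  				e.OutErr(c, e.ERR_DB_ORM, err1.Error())
  				return
  			}
  			for _, item := range list {
  				granted[utils.IntToStr(item.PermissionGroup.Id)] = struct{}{}
  			}
  		}
  	}

  	// 2. Build one response node per group, remembering the row order.
  	isSuper := admin.IsSuperAdministrator == enum.IsSuperAdministratorTure
  	nodes := make(map[string]*md.PermissionGroupListResp)
  	var order []string
  	if groupList != nil {
  		for _, v := range *groupList {
  			id := utils.IntToStr(v.Id)
  			_, hasGrant := granted[id]
  			// A discarded group is never checked, whatever the caller holds.
  			isCheck := (isSuper || hasGrant) && v.State != enum.PermissionGroupStateForDiscard
  			nodes[id] = &md.PermissionGroupListResp{
  				Id:       v.Id,
  				Name:     v.Name,
  				Key:      v.Key,
  				State:    v.State,
  				ParentId: v.ParentId,
  				CreateAt: v.CreateAt,
  				UpdateAt: v.UpdateAt,
  				IsCheck:  isCheck,
  			}
  			order = append(order, id)
  		}
  	}

  	// 3. Attach children to parents. Nodes are copied by value into the
  	// parent's list, so grandchildren must be attached (first pass) before
  	// their parents are copied into the top-level nodes (second pass). A node
  	// whose parent row is missing is skipped rather than dereferencing nil.
  	// Nesting deeper than three levels is attached in row order and may be
  	// incomplete in the copies.
  	for _, id := range order {
  		node := nodes[id]
  		if node.ParentId == 0 {
  			continue
  		}
  		parent, ok := nodes[utils.IntToStr(node.ParentId)]
  		if !ok || parent.ParentId == 0 {
  			continue
  		}
  		parent.SubPermissionGroupList = append(parent.SubPermissionGroupList, *node)
  	}
  	for _, id := range order {
  		node := nodes[id]
  		if node.ParentId == 0 {
  			continue
  		}
  		parent, ok := nodes[utils.IntToStr(node.ParentId)]
  		if !ok || parent.ParentId != 0 {
  			continue
  		}
  		parent.SubPermissionGroupList = append(parent.SubPermissionGroupList, *node)
  	}

  	// 4. Only top-level groups are returned; everything else hangs below them.
  	var resp []*md.PermissionGroupListResp
  	for _, id := range order {
  		if nodes[id].ParentId == 0 {
  			resp = append(resp, nodes[id])
  		}
  	}

  	e.OutSuc(c, map[string]interface{}{
  		"list": resp,
  		"state": []map[string]interface{}{
  			{
  				"name":  enum.PermissionGroupState(enum.PermissionGroupStateForNormal).String(),
  				"value": enum.PermissionGroupStateForNormal,
  			},
  			{
  				"name":  enum.PermissionGroupState(enum.PermissionGroupStateForDiscard).String(),
  				"value": enum.PermissionGroupStateForDiscard,
  			},
  		},
  	}, nil)
  }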
  // ImgReqUploadReq is the JSON body accepted by GetOssUrl: the object name to
  // upload and the Content-Type the signed upload will be bound to.
  //
  // NOTE(review): both fields are caller-supplied and only checked for presence
  // by the binding tag. The ",required" option in the content_type json tag is
  // not an option encoding/json recognises; the binding tag is what enforces it.
  type ImgReqUploadReq struct {
  	// FileName is passed on as the OSS object key by CommOss.
  	FileName string `json:"file_name" binding:"required" example:"文件名"`
  	// ContentType is the MIME type included in the signed request.
  	ContentType string `json:"content_type,required" binding:"required" example:"image/jpeg"`
  }
  // ImgReqUploadResp describes the upload-permission response: a signed URL the
  // client can upload to.
  type ImgReqUploadResp struct {
  	// SignUrl is the signed upload URL.
  	SignUrl string `json:"sign_url" example:"签名上传url"`
  }
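  // GetOssUrl binds the JSON request body and hands it to CommOss, which
  // replies with a signed object-storage upload URL.
  //
  // A body that fails binding is answered with the error produced by
  // svc.HandleValidateErr. If that helper ever returns something other than an
  // e.E, the request is answered with the generic e.ERR code instead of
  // panicking on the type assertion.
  //
  // @Summary 通用请求-对象存储-上传许可链接(获取)
  // @Tags 对象存储
  // @Description 上传许可链接(获取)
  // @Accept json
  // @Produce json
  // @param Authorization header string true "验证参数Bearer和token空格拼接"
  // @Param req body comm.ImgReqUploadReq true "签名上传url"
  // @Success 200 {string} "许可链接"
  // @Failure 400 {object} md.Response "具体错误"
  // @Router /api/comm/getOssUrl [POST]
  func GetOssUrl(c *gin.Context) {
  	var args ImgReqUploadReq
  	bindErr := c.ShouldBindJSON(&args)
  	if bindErr != nil {
  		var err error = svc.HandleValidateErr(bindErr)
  		// Comma-ok form: an unchecked assertion would panic the handler if the
  		// helper returned any other error type (or nil).
  		if apiErr, ok := err.(e.E); ok {
  			e.OutErr(c, apiErr.Code, apiErr.Error())
  			return
  		}
  		e.OutErr(c, e.ERR, bindErr.Error())
  		return
  	}
  	CommOss(c, args)
  }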
  // CommOss loads the Aliyun OSS settings from the system configuration table,
  // signs an HTTP PUT URL for args.FileName that is valid for five minutes and
  // bound to args.ContentType, and writes that URL as the success response.
  // Every failure is reported through e.OutErr and ends the request.
  //
  // NOTE(review): args.FileName is used verbatim as the object key, so the
  // caller decides which key the signed PUT writes to, including keys that
  // already exist. Consider a server-chosen prefix or generated name, and an
  // allow-list for args.ContentType — confirm what callers rely on.
  // NOTE(review): the URL is signed with the long-term AccessKey read from
  // configuration; a key limited to this bucket would narrow the impact of a
  // leak — confirm how that key is scoped.
  func CommOss(c *gin.Context, args ImgReqUploadReq) {
  	// Signed URL lifetime in seconds.
  	const signedURLTTLSeconds = 60 * 5

  	rows, err := sys_cfg.NewSysCfgDb(db.Db).SysCfgGetAll()
  	if err != nil {
  		e.OutErr(c, e.ERR_DB_ORM, err.Error())
  		return
  	}
  	if rows == nil {
  		e.OutErr(c, e.ERR_CFG_CACHE, nil)
  		return
  	}

  	// Index the configuration rows by key for the lookups below.
  	settings := make(map[string]string, len(*rows))
  	for _, row := range *rows {
  		settings[row.Key] = row.Val
  	}
  	var (
  		endpoint   = settings[enum2.AliyunOssEndpoint]
  		bucketName = settings[enum2.AliyunOssBucketName]
  		scheme     = settings[enum2.AliyunOssBucketScheme]
  		keyID      = settings[enum2.AliyunOssAccessKeyID]
  		keySecret  = settings[enum2.AliyunOssAccessKeySecret]
  	)

  	// Create the OSS client.
  	ossClient, err := oss.New(scheme+"://"+endpoint, keyID, keySecret)
  	if err != nil {
  		e.OutErr(c, e.ERR, err.Error())
  		return
  	}

  	// Look up the bucket handle.
  	bucket, err := ossClient.Bucket(bucketName)
  	if err != nil {
  		e.OutErr(c, e.ERR, err.Error())
  		return
  	}

  	// The Content-Type option becomes part of the signed request.
  	signedURL, err := bucket.SignURL(args.FileName, oss.HTTPPut, signedURLTTLSeconds, oss.ContentType(args.ContentType))
  	if err != nil {
  		e.OutErr(c, e.ERR_AES_ENCODE, err.Error())
  		return
  	}
  	e.OutSuc(c, signedURL, nil)
  }
  // STSVoucherRedisKey is the cache key under which GetSTSVoucher stores the
  // serialized STS credentials.
  const STSVoucherRedisKey = "STS_Voucher_Cache_Key"
  // GetSTSVoucherResp is the payload returned by GetSTSVoucher: temporary STS
  // credentials together with the bucket and region they are meant for.
  type GetSTSVoucherResp struct {
  	// STSToken holds the STS credentials.
  	STSToken sts20150401.AssumeRoleResponseBodyCredentials `json:"sts_token"`
  	// Bucket is the OSS bucket name.
  	Bucket string `json:"bucket"`
  	// Region is the region the bucket lives in.
  	Region string `json:"region"`
  }
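  // GetSTSVoucher returns temporary STS credentials plus the OSS bucket and
  // region from the system configuration.
  //
  // Credentials are served from the cache when present. On a cache miss the
  // handler assumes the configured RAM role for 3600 seconds, caches the result
  // for 60 seconds less than that, and returns it. Any other cache error ends
  // the request with e.ERR.
  //
  // NOTE(review): one cached credential set is shared by every caller of this
  // route, and svc.AssumeRole is given no policy argument here, so the
  // credentials presumably carry everything the role allows — confirm the RAM
  // role is limited to the bucket and actions the packaging machines need.
  // NOTE(review): the secret and security token are stored serialized in the
  // cache; access to that cache should be treated as access to the role.
  //
  // @Summary 通用请求-打包机使用-STS临时访问凭证(获取)
  // @Tags 打包机使用
  // @Description STS临时访问凭证(获取)
  // @Accept json
  // @Produce json
  // @param Authorization header string true "验证参数Bearer和token空格拼接"
  // @Success 200 {object} comm.GetSTSVoucherResp "凭证及其他信息"
  // @Failure 400 {object} md.Response "具体错误"
  // @Router /api/getSTSVoucher [GET]
  func GetSTSVoucher(c *gin.Context) {
  	sysCfgDb := sys_cfg.NewSysCfgDb(db.Db)
  	sysCfgs, err := sysCfgDb.SysCfgGetAll()
  	if err != nil {
  		e.OutErr(c, e.ERR_DB_ORM, err.Error())
  		return
  	}
  	if sysCfgs == nil {
  		e.OutErr(c, e.ERR_CFG_CACHE, nil)
  		return
  	}
  	cfgMap := make(map[string]string, len(*sysCfgs))
  	for _, cfg := range *sysCfgs {
  		cfgMap[cfg.Key] = cfg.Val
  	}
  	endpoint := cfgMap[enum2.AliyunOssEndpoint]

  	// respond writes the success payload; both the cached and the freshly
  	// issued path end here.
  	respond := func(credentials sts20150401.AssumeRoleResponseBodyCredentials) {
  		e.OutSuc(c, GetSTSVoucherResp{
  			STSToken: credentials,
  			Bucket:   cfgMap[enum2.AliyunOssBucketName],
  			Region:   strings.Split(endpoint, ".")[0],
  		}, nil)
  	}

  	redisValue, err := cache.GetString(STSVoucherRedisKey)
  	if err == nil {
  		// Cache hit.
  		// NOTE(review): the result of utils.Unserialize is not checked; a
  		// corrupt cache entry would be answered with empty credentials.
  		var credentials sts20150401.AssumeRoleResponseBodyCredentials
  		utils.Unserialize([]byte(redisValue), &credentials)
  		respond(credentials)
  		return
  	}
  	// NOTE(review): the cache miss is detected by comparing the error text,
  	// which breaks silently if the cache client changes its message.
  	if err.Error() != "redigo: nil returned" {
  		e.OutErr(c, e.ERR, nil)
  		return
  	}

  	// Cache miss: derive the STS endpoint from the OSS endpoint by replacing
  	// the leading "oss-" style segment with "sts.". Splitting once keeps
  	// region names that contain further hyphens intact, and the length check
  	// avoids an index-out-of-range panic when the setting is missing or
  	// malformed.
  	endpointParts := strings.SplitN(endpoint, "-", 2)
  	if len(endpointParts) != 2 || endpointParts[1] == "" {
  		e.OutErr(c, e.ERR, "invalid OSS endpoint configuration")
  		return
  	}
  	stsEndPoint := fmt.Sprintf("sts.%s", endpointParts[1])

  	assumeRoleAccessKeyID := cfgMap[enum2.AliyunOssAssumeRoleAccessKeyID]
  	assumeRoleAccessKeySecret := cfgMap[enum2.AliyunOssAssumeRoleAccessKeySecret]
  	roleArn := cfgMap[enum2.AliyunOssAssumeRoleARN]
  	roleSessionName := "STSRam"
  	durationSeconds := 3600

  	client, err := svc.CreateSTSClient(&assumeRoleAccessKeyID, &assumeRoleAccessKeySecret, &stsEndPoint)
  	if err != nil {
  		e.OutErr(c, e.ERR, err.Error())
  		return
  	}
  	assumeRoleResponse, err := svc.AssumeRole(client, &roleArn, &roleSessionName, int64(durationSeconds))
  	if err != nil {
  		e.OutErr(c, e.ERR, err.Error())
  		return
  	}
  	// NOTE(review): Body and Credentials are dereferenced without a nil
  	// check; this assumes svc.AssumeRole never returns a nil error together
  	// with an empty response — confirm.
  	issued := assumeRoleResponse.Body.Credentials

  	// Expire the cache entry 60 seconds early so a caller is not handed a
  	// token that lapses before the upload can be made.
  	// NOTE(review): a failed cache write goes unnoticed here; every request
  	// would then assume the role again.
  	cache.SetEx(STSVoucherRedisKey, utils.SerializeStr(issued), durationSeconds-60)

  	respond(sts20150401.AssumeRoleResponseBodyCredentials{
  		AccessKeyId:     issued.AccessKeyId,
  		AccessKeySecret: issued.AccessKeySecret,
  		Expiration:      issued.Expiration,
  		SecurityToken:   issued.SecurityToken,
  	})
  }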
  // GetAdminInfoResp is the profile of the calling administrator as returned by
  // GetAdminInfo.
  type GetAdminInfoResp struct {
  	// AdmId is the administrator id.
  	AdmId int `json:"adm_id"`
  	// Username is the login name.
  	Username string `json:"username"`
  	// State is the account state (1: normal, 2: frozen).
  	State int `json:"state"`
  	// IsSuperAdministrator tells whether the account is a super
  	// administrator (0: no, 1: yes).
  	IsSuperAdministrator int `json:"is_super_administrator"`
  	// Memo is a free-text remark.
  	Memo string `json:"memo"`
  }
  // GetAdminInfo replies with the profile of the administrator that
  // svc.GetUser resolves for the current request.
  //
  // @Summary 通用请求-获取管理员信息
  // @Tags 通用请求
  // @Description 获取管理员信息
  // @Accept json
  // @Produce json
  // @param Authorization header string true "验证参数Bearer和token空格拼接"
  // @Success 200 {object} GetAdminInfoResp "管理员信息"
  // @Failure 400 {object} md.Response "具体错误"
  // @Router /api/comm/adminInfo [POST]
  func GetAdminInfo(c *gin.Context) {
  	current := svc.GetUser(c)
  	// Only the fields of GetAdminInfoResp are copied into the response.
  	e.OutSuc(c, GetAdminInfoResp{
  		AdmId:                current.AdmId,
  		Username:             current.Username,
  		State:                current.State,
  		IsSuperAdministrator: current.IsSuperAdministrator,
  		Memo:                 current.Memo,
  	}, nil)
  }