From 46298e016b88fd835d4795daa2f029ce1b260e3e Mon Sep 17 00:00:00 2001
From: dengbiao
Date: Mon, 28 Oct 2024 15:40:17 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E5=BC=80=E6=94=BE=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 2 +-
 app/md/app_redis_key.go | 6 ++++-
 app/mw/mw_admin_permission.go | 15 +++++++++++
 app/svc/svc_auth.go | 10 +++++--
 app/svc/svc_role.go | 51 +++++++++++++++++++++++++++++++++++
 go.mod | 2 +-
 6 files changed, 81 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 218ff1f..3f08665 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,7 +17,7 @@ ADD . .
 RUN GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -tags netgo -ldflags="-s -w" -installsuffix cgo -o zyos main.go
 FROM ubuntu:xenial as prod
-LABEL maintainer="wuhanqin"
+LABEL maintainer="dengbiao"
 ENV TZ="Asia/Shanghai"
 COPY static/html static/html
diff --git a/app/md/app_redis_key.go b/app/md/app_redis_key.go
index 66203ed..337052d 100644
--- a/app/md/app_redis_key.go
+++ b/app/md/app_redis_key.go
@@ -10,9 +10,13 @@ const (
 AdminRolePermissionCacheTime = 3600 * 24 * 0.5
+ AdminRolePermissionByOpenCacheTime = 3600 * 24 * 0.5
+
 KEY_SYS_CFG_CACHE = "sys_cfg_cache"
 CfgCacheTime = 86400
- AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符:ip, admin:id
+ AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符:master_id, admin:id
+
+ AdminRolePermissionByOpenKey = "%s:advertisement_admin_role_permission_by_open" // 占位符:master_id
 )
diff --git a/app/mw/mw_admin_permission.go b/app/mw/mw_admin_permission.go
index 57109b7..57d2d83 100644
--- a/app/mw/mw_admin_permission.go
+++ b/app/mw/mw_admin_permission.go
@@ -14,6 +14,21 @@ import (
 func CheckPermission(c *gin.Context) {
 admin := svc.GetUser(c)
 masterId := svc.GetMasterId(c)
+
+ if c.GetBool("is_open") {
+ rolePermissionKey := fmt.Sprintf(md.AdminRolePermissionByOpenKey, masterId)
+ isHasPermission, err := svc.CheckUserRoleByOpen(c, rolePermissionKey, c.Request.RequestURI, utils.StrToInt(masterId))
+ if err != nil {
+ e.OutErr(c, e.ERR, err.Error())
+ return
+ }
+ if !isHasPermission {
+ e.OutErr(c, e.ERR_FORBIDEN, "当前用户暂未拥有该路由权限,请联系管理员")
+ return
+ }
+ c.Next()
+ }
+
 // TODO::判断是否为超管
 if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure {
 c.Next()
diff --git a/app/svc/svc_auth.go b/app/svc/svc_auth.go
index 5ddd19d..a0d4403 100644
--- a/app/svc/svc_auth.go
+++ b/app/svc/svc_auth.go
@@ -5,6 +5,7 @@ import (
 db "code.fnuoos.com/zhimeng/model.git/src"
 "code.fnuoos.com/zhimeng/model.git/src/implement"
 "code.fnuoos.com/zhimeng/model.git/src/model"
+ implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement"
 "errors"
 "github.com/gin-gonic/gin"
 "strings"
@@ -33,14 +34,19 @@ func CheckUser(c *gin.Context) (*model.Admin, string, error) {
 //TODO::兼容open
 appSecret := c.GetHeader("AppSecret")
 if appSecret != "" {
- //TODO::暂时给激活鸟写死
- if appSecret == "2F125D59EE826535D7E84E407A13C107" {
+ userListDb := implement2.NewUserListDb(db.Db)
+ userList, err := userListDb.GetUserListByOpenAppSecret(appSecret)
+ if err != nil {
+ return nil, "", err
+ }
+ if userList != nil {
 // 获取admin
 adminDb := implement.NewAdminDb(db.DBs[GetMasterId(c)])
 admin, err := adminDb.GetAdmin(1001)
 if err != nil {
 return nil, "", err
 }
+ c.Set("is_open", true)
 return admin, "", nil
 }
 }
diff --git a/app/svc/svc_role.go b/app/svc/svc_role.go
index c805e64..817aefe 100644
--- a/app/svc/svc_role.go
+++ b/app/svc/svc_role.go
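Review bot: The `is_open` branch in CheckPermission falls through after `c.Next()`: there is no `return`, so once the downstream handlers have completed, execution continues into the super-administrator check below and whatever follows it, which may call `c.Next()` again or try to emit an error via `e.OutErr` after a response has already been written. Add a `return` directly after `c.Next()` inside the `if c.GetBool("is_open") {` block, i.e. `c.Next()` followed by `return`. Separately, `utils.StrToInt(masterId)` presumably yields 0 for an empty or non-numeric master id, so the open-permission lookup would then run for master 0 instead of failing closed; rejecting an empty `masterId` before calling `svc.CheckUserRoleByOpen` would be safer. CheckPermission's body continues past the end of the hunk.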
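Review bot: In CheckUser the open-interface login succeeds whenever `GetUserListByOpenAppSecret(appSecret)` returns a non-nil record, but the tenant whose admin 1001 is then loaded comes from `db.DBs[GetMasterId(c)]` (presumably request-derived), not from the matched record, so nothing in this hunk binds the presented secret to the master it was issued for. If the user-list record carries a master id, compare it with `GetMasterId(c)` and return an error on mismatch before the `// 获取admin` step. The guard also only tests `userList != nil`; confirm that the lookup returns nil (not a zero-value struct or an empty slice) for an unknown secret, otherwise any non-empty `AppSecret` header would authenticate. Returning the raw lookup `err` to the caller may also expose database error text to an external client; consider wrapping it with a generic message at this layer. CheckUser's body continues outside the hunk.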
@@ -7,6 +7,7 @@ import (
 db "code.fnuoos.com/zhimeng/model.git/src"
 "code.fnuoos.com/zhimeng/model.git/src/implement"
 "code.fnuoos.com/zhimeng/model.git/src/model"
+ implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement"
 "encoding/json"
 "errors"
 "fmt"
@@ -67,6 +68,56 @@ func CheckUserRole(c *gin.Context, cacheKey, uri string, admId int) (isHasPermis
 return
 }
+func CheckUserRoleByOpen(c *gin.Context, cacheKey, uri string, masterId int) (isHasPermission bool, err error) {
+ uri = utils.UriFilterExcludeQueryString(uri) // 去除uri中?后的query参数
+ isHasPermission = false
+ var rolePermission []string
+ var rolePermissionString string
+ rolePermissionString, _ = cache.GetString(cacheKey)
+
+ // TODO::判断是否在白名单中
+ if utils.InArr(uri, md.WhiteUri) {
+ isHasPermission = true
+ return
+ }
+
+ if rolePermissionString != "" {
+ if err = json.Unmarshal([]byte(rolePermissionString), &rolePermission); err != nil {
+ return
+ }
+ } else {
+ userOpenPermissionDb := implement2.NewUserOpenPermissionDb(db.Db)
+ list, _, err1 := userOpenPermissionDb.GetUserOpenPermission(masterId)
+ if err1 != nil {
+ return isHasPermission, err1
+ }
+ for _, v := range list {
+ rolePermission = append(rolePermission, v.OpenPermission.Action)
+ }
+ marshal, err1 := json.Marshal(rolePermission)
+ if err1 != nil {
+ return isHasPermission, err1
+ }
+ rolePermissionString = string(marshal)
+ _, err = cache.SetEx(cacheKey, rolePermissionString, md.AdminRolePermissionByOpenCacheTime)
+ }
+
+ if utils.InArr(uri, rolePermission) {
+ isHasPermission = true
+ } else {
+ // 正则匹配占位符情况
+ compileRegex := regexp.MustCompile("[0-9]+")
+ matchArr := compileRegex.FindAllString(uri, -1)
+ if len(matchArr) > 0 {
+ uri = strings.Replace(uri, matchArr[len(matchArr)-1], ":id", 1)
+ if utils.InArr(uri, rolePermission) {
+ isHasPermission = true
+ }
+ }
+ }
+ return
+}
+
 func DeleteRole(c *gin.Context, roleId int) (err error) {
 engine := db.DBs[GetMasterId(c)]
 session := engine.NewSession()
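Review bot: The placeholder fallback in CheckUserRoleByOpen rewrites the wrong segment when the URI contains more than one numeric run: `strings.Replace(uri, matchArr[len(matchArr)-1], ":id", 1)` substitutes the first occurrence of the last match's text, so a path such as `/api/v1/item/1` (constructed example) becomes `/api/v:id/item/1` and never matches its `:id` route. Replacing by position with `FindAllStringIndex` fixes this, and the regexp should be compiled once at package scope rather than via `regexp.MustCompile` on every call. Also, the error from `cache.GetString(cacheKey)` is discarded and a failure of `cache.SetEx` is left in `err` while the permission decision still proceeds; if treating a cache failure as a miss is intended, say so in a comment such as `// cache failure is treated as a miss: permissions are reloaded from the database`, otherwise return early.
```go
// numericSegmentRe matches numeric path segments that stand in for the ":id" placeholder.
var numericSegmentRe = regexp.MustCompile("[0-9]+")

// … unchanged: cache lookup, whitelist check, permission loading …

	if utils.InArr(uri, rolePermission) {
		isHasPermission = true
	} else {
		// 正则匹配占位符情况: replace the LAST numeric segment by position, not by value
		idx := numericSegmentRe.FindAllStringIndex(uri, -1)
		if len(idx) > 0 {
			last := idx[len(idx)-1]
			uri = uri[:last[0]] + ":id" + uri[last[1]:]
			if utils.InArr(uri, rolePermission) {
				isHasPermission = true
			}
		}
	}
```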
diff --git a/go.mod b/go.mod
index e55f39b..577723e 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 require (
 code.fnuoos.com/go_rely_warehouse/zyos_go_mq.git v0.0.5
 code.fnuoos.com/go_rely_warehouse/zyos_go_third_party_api.git v1.1.21-0.20240830072333-a1980ffb256e
-code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241025084129-8b263ebe9032
+code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241028073907-ef7ecbd0db8d
 github.com/360EntSecGroup-Skylar/excelize v1.4.1
 github.com/jinzhu/copier v0.4.0
 )