update 开放接口权限

1 viikko sitten · 46298e016b
--- a/+ 1
+++ b/+ 1
@@ -17,7 +17,7 @@ ADD . .
 RUN GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -tags netgo -ldflags="-s -w" -installsuffix cgo -o zyos main.go

 FROM ubuntu:xenial as prod
 LABEL maintainer="wuhanqin"
 LABEL maintainer="dengbiao"
 ENV TZ="Asia/Shanghai"

 COPY static/html static/html
--- a/app/md/app_redis_key.go
+++ b/app/md/app_redis_key.go
@@ -10,9 +10,13 @@ const (

 	AdminRolePermissionCacheTime = 3600 * 24 * 0.5

 	AdminRolePermissionByOpenCacheTime = 3600 * 24 * 0.5

 	KEY_SYS_CFG_CACHE = "sys_cfg_cache"

 	CfgCacheTime = 86400

 	AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符：ip, admin:id
 	AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符：master_id, admin:id

 	AdminRolePermissionByOpenKey = "%s:advertisement_admin_role_permission_by_open" // 占位符：master_id
 )
--- a/app/mw/mw_admin_permission.go
+++ b/app/mw/mw_admin_permission.go
@@ -14,6 +14,21 @@ import (
 func CheckPermission(c *gin.Context) {
 	admin := svc.GetUser(c)
 	masterId := svc.GetMasterId(c)

 	if c.GetBool("is_open") {
 		rolePermissionKey := fmt.Sprintf(md.AdminRolePermissionByOpenKey, masterId)
 		isHasPermission, err := svc.CheckUserRoleByOpen(c, rolePermissionKey, c.Request.RequestURI, utils.StrToInt(masterId))
 		if err != nil {
 			e.OutErr(c, e.ERR, err.Error())
 			return
 		}
 		if !isHasPermission {
 			e.OutErr(c, e.ERR_FORBIDEN, "当前用户暂未拥有该路由权限，请联系管理员")
 			return
 		}
 		c.Next()
 	}

 	// TODO::判断是否为超管
 	if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure {
 		c.Next()
--- a/app/svc/svc_auth.go
+++ b/app/svc/svc_auth.go
@@ -5,6 +5,7 @@ import (
 	db "code.fnuoos.com/zhimeng/model.git/src"
 	"code.fnuoos.com/zhimeng/model.git/src/implement"
 	"code.fnuoos.com/zhimeng/model.git/src/model"
 	implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement"
 	"errors"
 	"github.com/gin-gonic/gin"
 	"strings"
@@ -33,14 +34,19 @@ func CheckUser(c *gin.Context) (*model.Admin, string, error) {
 		//TODO::兼容open
 		appSecret := c.GetHeader("AppSecret")
 		if appSecret != "" {
 			//TODO::暂时给激活鸟写死
 			if appSecret == "2F125D59EE826535D7E84E407A13C107" {
 			userListDb := implement2.NewUserListDb(db.Db)
 			userList, err := userListDb.GetUserListByOpenAppSecret(appSecret)
 			if err != nil {
 				return nil, "", err
 			}
 			if userList != nil {
 				// 获取admin
 				adminDb := implement.NewAdminDb(db.DBs[GetMasterId(c)])
 				admin, err := adminDb.GetAdmin(1001)
 				if err != nil {
 					return nil, "", err
 				}
 				c.Set("is_open", true)
 				return admin, "", nil
 			}
 		}
--- a/app/svc/svc_role.go
+++ b/app/svc/svc_role.go
@@ -7,6 +7,7 @@ import (
 	db "code.fnuoos.com/zhimeng/model.git/src"
 	"code.fnuoos.com/zhimeng/model.git/src/implement"
 	"code.fnuoos.com/zhimeng/model.git/src/model"
 	implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -67,6 +68,56 @@ func CheckUserRole(c *gin.Context, cacheKey, uri string, admId int) (isHasPermis
 	return
 }

 func CheckUserRoleByOpen(c *gin.Context, cacheKey, uri string, masterId int) (isHasPermission bool, err error) {
 	uri = utils.UriFilterExcludeQueryString(uri) // 去除uri中?后的query参数
 	isHasPermission = false
 	var rolePermission []string
 	var rolePermissionString string
 	rolePermissionString, _ = cache.GetString(cacheKey)

 	// TODO::判断是否在白名单中
 	if utils.InArr(uri, md.WhiteUri) {
 		isHasPermission = true
 		return
 	}

 	if rolePermissionString != "" {
 		if err = json.Unmarshal([]byte(rolePermissionString), &rolePermission); err != nil {
 			return
 		}
 	} else {
 		userOpenPermissionDb := implement2.NewUserOpenPermissionDb(db.Db)
 		list, _, err1 := userOpenPermissionDb.GetUserOpenPermission(masterId)
 		if err1 != nil {
 			return isHasPermission, err1
 		}
 		for _, v := range list {
 			rolePermission = append(rolePermission, v.OpenPermission.Action)
 		}
 		marshal, err1 := json.Marshal(rolePermission)
 		if err1 != nil {
 			return isHasPermission, err1
 		}
 		rolePermissionString = string(marshal)
 		_, err = cache.SetEx(cacheKey, rolePermissionString, md.AdminRolePermissionByOpenCacheTime)
 	}

 	if utils.InArr(uri, rolePermission) {
 		isHasPermission = true
 	} else {
 		// 正则匹配占位符情况
 		compileRegex := regexp.MustCompile("[0-9]+")
 		matchArr := compileRegex.FindAllString(uri, -1)
 		if len(matchArr) > 0 {
 			uri = strings.Replace(uri, matchArr[len(matchArr)-1], ":id", 1)
 			if utils.InArr(uri, rolePermission) {
 				isHasPermission = true
 			}
 		}
 	}
 	return
 }

 func DeleteRole(c *gin.Context, roleId int) (err error) {
 	engine := db.DBs[GetMasterId(c)]
 	session := engine.NewSession()
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 require (
 	code.fnuoos.com/go_rely_warehouse/zyos_go_mq.git v0.0.5
 	code.fnuoos.com/go_rely_warehouse/zyos_go_third_party_api.git v1.1.21-0.20240830072333-a1980ffb256e
 	code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241025084129-8b263ebe9032
 	code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241028073907-ef7ecbd0db8d
 	github.com/360EntSecGroup-Skylar/excelize v1.4.1
 	github.com/jinzhu/copier v0.4.0
 )