Ver a proveniência

update 开放接口权限

master
dengbiao há 1 semana
ascendente
cometimento
46298e016b
6 ficheiros alterados com 81 adições e 5 eliminações
  1. +1
    -1
      Dockerfile
  2. +5
    -1
      app/md/app_redis_key.go
  3. +15
    -0
      app/mw/mw_admin_permission.go
  4. +8
    -2
      app/svc/svc_auth.go
  5. +51
    -0
      app/svc/svc_role.go
  6. +1
    -1
      go.mod

+ 1
- 1
Dockerfile Ver ficheiro

@@ -17,7 +17,7 @@ ADD . .
RUN GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -tags netgo -ldflags="-s -w" -installsuffix cgo -o zyos main.go

FROM ubuntu:xenial as prod
LABEL maintainer="wuhanqin"
LABEL maintainer="dengbiao"
ENV TZ="Asia/Shanghai"

COPY static/html static/html


+ 5
- 1
app/md/app_redis_key.go Ver ficheiro

@@ -10,9 +10,13 @@ const (

AdminRolePermissionCacheTime = 3600 * 24 * 0.5

AdminRolePermissionByOpenCacheTime = 3600 * 24 * 0.5

KEY_SYS_CFG_CACHE = "sys_cfg_cache"

CfgCacheTime = 86400

AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符:ip, admin:id
AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符:master_id, admin:id

AdminRolePermissionByOpenKey = "%s:advertisement_admin_role_permission_by_open" // 占位符:master_id
)

+ 15
- 0
app/mw/mw_admin_permission.go Ver ficheiro

@@ -14,6 +14,21 @@ import (
func CheckPermission(c *gin.Context) {
admin := svc.GetUser(c)
masterId := svc.GetMasterId(c)

if c.GetBool("is_open") {
rolePermissionKey := fmt.Sprintf(md.AdminRolePermissionByOpenKey, masterId)
isHasPermission, err := svc.CheckUserRoleByOpen(c, rolePermissionKey, c.Request.RequestURI, utils.StrToInt(masterId))
if err != nil {
e.OutErr(c, e.ERR, err.Error())
return
}
if !isHasPermission {
e.OutErr(c, e.ERR_FORBIDEN, "当前用户暂未拥有该路由权限,请联系管理员")
return
}
c.Next()
}

// TODO::判断是否为超管
if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure {
c.Next()


+ 8
- 2
app/svc/svc_auth.go Ver ficheiro

@@ -5,6 +5,7 @@ import (
db "code.fnuoos.com/zhimeng/model.git/src"
"code.fnuoos.com/zhimeng/model.git/src/implement"
"code.fnuoos.com/zhimeng/model.git/src/model"
implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement"
"errors"
"github.com/gin-gonic/gin"
"strings"
@@ -33,14 +34,19 @@ func CheckUser(c *gin.Context) (*model.Admin, string, error) {
//TODO::兼容open
appSecret := c.GetHeader("AppSecret")
if appSecret != "" {
//TODO::暂时给激活鸟写死
if appSecret == "2F125D59EE826535D7E84E407A13C107" {
userListDb := implement2.NewUserListDb(db.Db)
userList, err := userListDb.GetUserListByOpenAppSecret(appSecret)
if err != nil {
return nil, "", err
}
if userList != nil {
// 获取admin
adminDb := implement.NewAdminDb(db.DBs[GetMasterId(c)])
admin, err := adminDb.GetAdmin(1001)
if err != nil {
return nil, "", err
}
c.Set("is_open", true)
return admin, "", nil
}
}


+ 51
- 0
app/svc/svc_role.go Ver ficheiro

@@ -7,6 +7,7 @@ import (
db "code.fnuoos.com/zhimeng/model.git/src"
"code.fnuoos.com/zhimeng/model.git/src/implement"
"code.fnuoos.com/zhimeng/model.git/src/model"
implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement"
"encoding/json"
"errors"
"fmt"
@@ -67,6 +68,56 @@ func CheckUserRole(c *gin.Context, cacheKey, uri string, admId int) (isHasPermis
return
}

func CheckUserRoleByOpen(c *gin.Context, cacheKey, uri string, masterId int) (isHasPermission bool, err error) {
uri = utils.UriFilterExcludeQueryString(uri) // 去除uri中?后的query参数
isHasPermission = false
var rolePermission []string
var rolePermissionString string
rolePermissionString, _ = cache.GetString(cacheKey)

// TODO::判断是否在白名单中
if utils.InArr(uri, md.WhiteUri) {
isHasPermission = true
return
}

if rolePermissionString != "" {
if err = json.Unmarshal([]byte(rolePermissionString), &rolePermission); err != nil {
return
}
} else {
userOpenPermissionDb := implement2.NewUserOpenPermissionDb(db.Db)
list, _, err1 := userOpenPermissionDb.GetUserOpenPermission(masterId)
if err1 != nil {
return isHasPermission, err1
}
for _, v := range list {
rolePermission = append(rolePermission, v.OpenPermission.Action)
}
marshal, err1 := json.Marshal(rolePermission)
if err1 != nil {
return isHasPermission, err1
}
rolePermissionString = string(marshal)
_, err = cache.SetEx(cacheKey, rolePermissionString, md.AdminRolePermissionByOpenCacheTime)
}

if utils.InArr(uri, rolePermission) {
isHasPermission = true
} else {
// 正则匹配占位符情况
compileRegex := regexp.MustCompile("[0-9]+")
matchArr := compileRegex.FindAllString(uri, -1)
if len(matchArr) > 0 {
uri = strings.Replace(uri, matchArr[len(matchArr)-1], ":id", 1)
if utils.InArr(uri, rolePermission) {
isHasPermission = true
}
}
}
return
}

func DeleteRole(c *gin.Context, roleId int) (err error) {
engine := db.DBs[GetMasterId(c)]
session := engine.NewSession()


+ 1
- 1
go.mod Ver ficheiro

@@ -36,7 +36,7 @@ require (
require (
code.fnuoos.com/go_rely_warehouse/zyos_go_mq.git v0.0.5
code.fnuoos.com/go_rely_warehouse/zyos_go_third_party_api.git v1.1.21-0.20240830072333-a1980ffb256e
code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241025084129-8b263ebe9032
code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241028073907-ef7ecbd0db8d
github.com/360EntSecGroup-Skylar/excelize v1.4.1
github.com/jinzhu/copier v0.4.0
)


Carregando…
Cancelar
Guardar