6 changed files with 81 additions and 5 deletions
Unified View
Diff Options
-
+1 -1Dockerfile
-
+5 -1app/md/app_redis_key.go
-
+15 -0app/mw/mw_admin_permission.go
-
+8 -2app/svc/svc_auth.go
-
+51 -0app/svc/svc_role.go
-
+1 -1go.mod
+ 1
- 1
Dockerfile
View File
| @@ -17,7 +17,7 @@ ADD . . | |||||
| RUN GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -tags netgo -ldflags="-s -w" -installsuffix cgo -o zyos main.go | RUN GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -tags netgo -ldflags="-s -w" -installsuffix cgo -o zyos main.go | ||||
| FROM ubuntu:xenial as prod | FROM ubuntu:xenial as prod | ||||
| LABEL maintainer="wuhanqin" | |||||
| LABEL maintainer="dengbiao" | |||||
| ENV TZ="Asia/Shanghai" | ENV TZ="Asia/Shanghai" | ||||
| COPY static/html static/html | COPY static/html static/html | ||||
+ 5
- 1
app/md/app_redis_key.go
View File
| @@ -10,9 +10,13 @@ const ( | |||||
| AdminRolePermissionCacheTime = 3600 * 24 * 0.5 | AdminRolePermissionCacheTime = 3600 * 24 * 0.5 | ||||
| AdminRolePermissionByOpenCacheTime = 3600 * 24 * 0.5 | |||||
| KEY_SYS_CFG_CACHE = "sys_cfg_cache" | KEY_SYS_CFG_CACHE = "sys_cfg_cache" | ||||
| CfgCacheTime = 86400 | CfgCacheTime = 86400 | ||||
| AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符:ip, admin:id | |||||
| AdminRolePermissionKey = "%s:advertisement_admin_role_permission:%s" // 占位符:master_id, admin:id | |||||
| AdminRolePermissionByOpenKey = "%s:advertisement_admin_role_permission_by_open" // 占位符:master_id | |||||
| ) | ) | ||||
+ 15
- 0
app/mw/mw_admin_permission.go
View File
| @@ -14,6 +14,21 @@ import ( | |||||
| func CheckPermission(c *gin.Context) { | func CheckPermission(c *gin.Context) { | ||||
| admin := svc.GetUser(c) | admin := svc.GetUser(c) | ||||
| masterId := svc.GetMasterId(c) | masterId := svc.GetMasterId(c) | ||||
| if c.GetBool("is_open") { | |||||
| rolePermissionKey := fmt.Sprintf(md.AdminRolePermissionByOpenKey, masterId) | |||||
| isHasPermission, err := svc.CheckUserRoleByOpen(c, rolePermissionKey, c.Request.RequestURI, utils.StrToInt(masterId)) | |||||
| if err != nil { | |||||
| e.OutErr(c, e.ERR, err.Error()) | |||||
| return | |||||
| } | |||||
| if !isHasPermission { | |||||
| e.OutErr(c, e.ERR_FORBIDEN, "当前用户暂未拥有该路由权限,请联系管理员") | |||||
| return | |||||
| } | |||||
| c.Next() | |||||
| } | |||||
| // TODO::判断是否为超管 | // TODO::判断是否为超管 | ||||
| if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure { | if admin.IsSuperAdministrator == enum.IsSuperAdministratorTure { | ||||
| c.Next() | c.Next() | ||||
+ 8
- 2
app/svc/svc_auth.go
View File
| @@ -5,6 +5,7 @@ import ( | |||||
| db "code.fnuoos.com/zhimeng/model.git/src" | db "code.fnuoos.com/zhimeng/model.git/src" | ||||
| "code.fnuoos.com/zhimeng/model.git/src/implement" | "code.fnuoos.com/zhimeng/model.git/src/implement" | ||||
| "code.fnuoos.com/zhimeng/model.git/src/model" | "code.fnuoos.com/zhimeng/model.git/src/model" | ||||
| implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement" | |||||
| "errors" | "errors" | ||||
| "github.com/gin-gonic/gin" | "github.com/gin-gonic/gin" | ||||
| "strings" | "strings" | ||||
| @@ -33,14 +34,19 @@ func CheckUser(c *gin.Context) (*model.Admin, string, error) { | |||||
| //TODO::兼容open | //TODO::兼容open | ||||
| appSecret := c.GetHeader("AppSecret") | appSecret := c.GetHeader("AppSecret") | ||||
| if appSecret != "" { | if appSecret != "" { | ||||
| //TODO::暂时给激活鸟写死 | |||||
| if appSecret == "2F125D59EE826535D7E84E407A13C107" { | |||||
| userListDb := implement2.NewUserListDb(db.Db) | |||||
| userList, err := userListDb.GetUserListByOpenAppSecret(appSecret) | |||||
| if err != nil { | |||||
| return nil, "", err | |||||
| } | |||||
| if userList != nil { | |||||
| // 获取admin | // 获取admin | ||||
| adminDb := implement.NewAdminDb(db.DBs[GetMasterId(c)]) | adminDb := implement.NewAdminDb(db.DBs[GetMasterId(c)]) | ||||
| admin, err := adminDb.GetAdmin(1001) | admin, err := adminDb.GetAdmin(1001) | ||||
| if err != nil { | if err != nil { | ||||
| return nil, "", err | return nil, "", err | ||||
| } | } | ||||
| c.Set("is_open", true) | |||||
| return admin, "", nil | return admin, "", nil | ||||
| } | } | ||||
| } | } | ||||
+ 51
- 0
app/svc/svc_role.go
View File
| @@ -7,6 +7,7 @@ import ( | |||||
| db "code.fnuoos.com/zhimeng/model.git/src" | db "code.fnuoos.com/zhimeng/model.git/src" | ||||
| "code.fnuoos.com/zhimeng/model.git/src/implement" | "code.fnuoos.com/zhimeng/model.git/src/implement" | ||||
| "code.fnuoos.com/zhimeng/model.git/src/model" | "code.fnuoos.com/zhimeng/model.git/src/model" | ||||
| implement2 "code.fnuoos.com/zhimeng/model.git/src/super/implement" | |||||
| "encoding/json" | "encoding/json" | ||||
| "errors" | "errors" | ||||
| "fmt" | "fmt" | ||||
| @@ -67,6 +68,56 @@ func CheckUserRole(c *gin.Context, cacheKey, uri string, admId int) (isHasPermis | |||||
| return | return | ||||
| } | } | ||||
| func CheckUserRoleByOpen(c *gin.Context, cacheKey, uri string, masterId int) (isHasPermission bool, err error) { | |||||
| uri = utils.UriFilterExcludeQueryString(uri) // 去除uri中?后的query参数 | |||||
| isHasPermission = false | |||||
| var rolePermission []string | |||||
| var rolePermissionString string | |||||
| rolePermissionString, _ = cache.GetString(cacheKey) | |||||
| // TODO::判断是否在白名单中 | |||||
| if utils.InArr(uri, md.WhiteUri) { | |||||
| isHasPermission = true | |||||
| return | |||||
| } | |||||
| if rolePermissionString != "" { | |||||
| if err = json.Unmarshal([]byte(rolePermissionString), &rolePermission); err != nil { | |||||
| return | |||||
| } | |||||
| } else { | |||||
| userOpenPermissionDb := implement2.NewUserOpenPermissionDb(db.Db) | |||||
| list, _, err1 := userOpenPermissionDb.GetUserOpenPermission(masterId) | |||||
| if err1 != nil { | |||||
| return isHasPermission, err1 | |||||
| } | |||||
| for _, v := range list { | |||||
| rolePermission = append(rolePermission, v.OpenPermission.Action) | |||||
| } | |||||
| marshal, err1 := json.Marshal(rolePermission) | |||||
| if err1 != nil { | |||||
| return isHasPermission, err1 | |||||
| } | |||||
| rolePermissionString = string(marshal) | |||||
| _, err = cache.SetEx(cacheKey, rolePermissionString, md.AdminRolePermissionByOpenCacheTime) | |||||
| } | |||||
| if utils.InArr(uri, rolePermission) { | |||||
| isHasPermission = true | |||||
| } else { | |||||
| // 正则匹配占位符情况 | |||||
| compileRegex := regexp.MustCompile("[0-9]+") | |||||
| matchArr := compileRegex.FindAllString(uri, -1) | |||||
| if len(matchArr) > 0 { | |||||
| uri = strings.Replace(uri, matchArr[len(matchArr)-1], ":id", 1) | |||||
| if utils.InArr(uri, rolePermission) { | |||||
| isHasPermission = true | |||||
| } | |||||
| } | |||||
| } | |||||
| return | |||||
| } | |||||
| func DeleteRole(c *gin.Context, roleId int) (err error) { | func DeleteRole(c *gin.Context, roleId int) (err error) { | ||||
| engine := db.DBs[GetMasterId(c)] | engine := db.DBs[GetMasterId(c)] | ||||
| session := engine.NewSession() | session := engine.NewSession() | ||||
+ 1
- 1
go.mod
View File
| @@ -36,7 +36,7 @@ require ( | |||||
| require ( | require ( | ||||
| code.fnuoos.com/go_rely_warehouse/zyos_go_mq.git v0.0.5 | code.fnuoos.com/go_rely_warehouse/zyos_go_mq.git v0.0.5 | ||||
| code.fnuoos.com/go_rely_warehouse/zyos_go_third_party_api.git v1.1.21-0.20240830072333-a1980ffb256e | code.fnuoos.com/go_rely_warehouse/zyos_go_third_party_api.git v1.1.21-0.20240830072333-a1980ffb256e | ||||
| code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241025084129-8b263ebe9032 | |||||
| code.fnuoos.com/zhimeng/model.git v0.0.3-0.20241028073907-ef7ecbd0db8d | |||||
| github.com/360EntSecGroup-Skylar/excelize v1.4.1 | github.com/360EntSecGroup-Skylar/excelize v1.4.1 | ||||
| github.com/jinzhu/copier v0.4.0 | github.com/jinzhu/copier v0.4.0 | ||||
| ) | ) | ||||