feat：完善项目

2022-01-15 11:54:05 +08:00
parent 048d116b05
commit c5fb6023f3
18 changed files with 191 additions and 129 deletions
--- a/router/auth.go
+++ b/router/auth.go
@ -6,6 +6,7 @@ import (
 	"SciencesServer/app/session"
 	"SciencesServer/config"
 	"SciencesServer/utils"
+	"fmt"
 	"github.com/gin-gonic/gin"
 	"net/http"
 )
@ -27,6 +28,7 @@ func AddSkipperURL(url ...string) SkipperURL {
 // NeedLogin 需要登录
 func NeedLogin(key string, session logic.ISession, skipperURL ...SkipperURL) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		fmt.Println(c.Request.URL.Path)
 		if len(skipperURL) > 0 && skipperURL[0](c) {
 			c.Next()
 			return
@ -50,41 +52,48 @@ func NeedLogin(key string, session logic.ISession, skipperURL ...SkipperURL) gin
 	}
 }

-func NeedHaveIdentity() gin.HandlerFunc {
-	return func(c *gin.Context) {
-
-	}
-}
-
 // NeedPermission 需要权限验证
-func NeedPermission(skipperURL ...SkipperURL) PermissionHandle {
-	return func(key string) gin.HandlerFunc {
-		return func(c *gin.Context) {
-			if len(skipperURL) > 0 && skipperURL[0](c) {
-				c.Next()
-				return
-			}
-			value, _ := c.Get(config.TokenForSession)
-			_session := value.(*session.Admin)
-
-			if !_session.IsAdmin {
-				if _session.TenantID > 0 {
-					//if isExist, _ := cache.Cache.SIsMember(config.RedisKeyForTenant, _session.TenantKey); !isExist {
-					//	c.JSON(http.StatusForbidden, gin.H{"message": "租户/公司信息协议已到期或已被禁用，无权限访问！"})
-					//	c.Abort()
-					//	return
-					//}
-				}
-				//if pass, _ := service.NewPermission(nil, &service.AuthRequest{
-				//	Url:    key,
-				//	Method: c.Request.Method,
-				//})(_session.TenantKey, fmt.Sprintf("%d", _session.UID)).Enforce(); !pass {
-				//	c.JSON(http.StatusOK, gin.H{"code": http.StatusForbidden, "msg": "无权限访问！"})
-				//	c.Abort()
-				//	return
-				//}
-			}
+func NeedPermission(skipperURL ...SkipperURL) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if len(skipperURL) > 0 && skipperURL[0](c) {
 			c.Next()
+			return
 		}
+		value, _ := c.Get(config.TokenForSession)
+		_session := value.(*session.Admin)
+
+		if _session.IsAdmin && _session.TenantID <= 0 {
+			c.Next()
+			return
+		}
+		pass, err := service.NewPermission(
+			service.WithAuthTenant(_session.TenantIDFormat()),
+			service.WithAuthUser(_session.UIDFormat()),
+			service.WithAuthRequest([]*service.AuthRequest{
+				&service.AuthRequest{
+					Url:    c.Request.URL.Path,
+					Method: c.Request.Method,
+				},
+			}),
+		).Enforce()
+
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"message": fmt.Sprintf("权限验证错误【%v】，请联系管理员！", err),
+			})
+			c.Abort()
+			return
+		} else if !pass {
+			c.JSON(http.StatusForbidden, gin.H{"message": "无权限访问！"})
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}
+
+func NeedAuthIdentity() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Next()
 	}
 }