
package router
import (
"SciencesServer/app/logic"
"SciencesServer/app/service"
"SciencesServer/app/session"
"SciencesServer/config"
"SciencesServer/utils"
"fmt"
"github.com/gin-gonic/gin"
"net/http"
)
// SkipperURL is a predicate over the current request. NeedLogin and
// NeedPermission call it before doing any check, and when it returns true
// they let the request continue without authentication or authorization.
type SkipperURL func(*gin.Context) bool
// PermissionHandle is the signature of a permission-verification middleware
// factory: it takes a key and returns a gin.HandlerFunc.
// NOTE(review): nothing in the visible part of this file uses the type;
// what key identifies cannot be told from here.
type PermissionHandle func(key string) gin.HandlerFunc
// AddSkipperURL builds a SkipperURL that reports true when the request's URL
// path is found in url by utils.InArray.
//
// Every path listed here is served without the login or permission check of
// the middleware the skipper is handed to, so the list is an allow-list of
// unauthenticated routes and should stay as small as possible. A path that
// does not match falls through to the normal check.
// NOTE(review): the comparison itself lives in utils.InArray, presumably an
// exact string match on c.Request.URL.Path; confirm how it treats trailing
// slashes and letter case.
func AddSkipperURL(url ...string) SkipperURL {
	matches := func(c *gin.Context) bool {
		return utils.InArray(c.Request.URL.Path, url)
	}
	return matches
}
// NeedLogin returns a gin middleware that requires a valid token on the
// request.
//
// The token is read from the header named by config.APIRequestToken and is
// verified with service.NewAuthToken(token).Auth(key, session). A missing
// token or a failed Auth aborts the request with 401; on success the session
// is stored in the gin context under config.TokenForSession and the chain
// continues.
//
// If at least one skipper is supplied and the first one returns true, the
// request continues with no token check and no session in the context. Only
// skipperURL[0] is consulted; any further skippers are ignored.
//
// NOTE(review): session is captured once, when the middleware is built, and
// that same value is passed to Auth and stored in the context of every
// request. If Auth writes per-token data into it (not visible here),
// concurrent requests would share and overwrite one session object. Confirm
// that the ISession passed in is safe to share, or allocate one per request.
func NeedLogin(key string, session logic.ISession, skipperURL ...SkipperURL) gin.HandlerFunc {
	return func(c *gin.Context) {
		// reject answers 401 with the given message and stops the chain.
		reject := func(msg string) {
			c.JSON(http.StatusUnauthorized, gin.H{"message": msg})
			c.Abort()
		}

		if len(skipperURL) > 0 && skipperURL[0](c) {
			c.Next()
			return
		}

		token := c.GetHeader(config.APIRequestToken)
		if token == "" {
			reject("Token异常")
			return
		}

		if err := service.NewAuthToken(token).Auth(key, session); err != nil {
			// NOTE(review): the Auth error text goes to the client verbatim;
			// confirm it never carries internal detail.
			reject(err.Error())
			return
		}

		c.Set(config.TokenForSession, session)
		c.Next()
	}
}
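// NeedPermission returns a gin middleware that authorizes the current request
// using the session stored in the gin context under config.TokenForSession.
//
// Steps, in order:
//   - If at least one skipper is supplied and the first one returns true, the
//     request continues with no permission check. Only skipperURL[0] is
//     consulted; any further skippers are ignored.
//   - The context value must be a non-nil *session.Admin. If it is missing or
//     of another type, the request is rejected with 401. This happens when the
//     route is not behind NeedLogin, or when NeedLogin skipped a path that this
//     middleware does not skip.
//   - Sessions with IsAdmin or IsSystemAdmin set pass without calling Enforce.
//   - Otherwise the request path and method are checked through
//     service.NewPermission(...).Enforce(): an error answers 401, a negative
//     result answers 403.
//
// NOTE(review): the admin bypass trusts the flags on the session object, so it
// is only as strong as the code that fills that session.
func NeedPermission(skipperURL ...SkipperURL) gin.HandlerFunc {
	return func(c *gin.Context) {
		if len(skipperURL) > 0 && skipperURL[0](c) {
			c.Next()
			return
		}

		// Fail closed: an unchecked type assertion on a missing value would
		// panic here instead of denying the request.
		value, _ := c.Get(config.TokenForSession)
		admin, ok := value.(*session.Admin)
		if !ok || admin == nil {
			c.JSON(http.StatusUnauthorized, gin.H{"message": "Token异常"})
			c.Abort()
			return
		}

		if admin.IsAdmin || admin.IsSystemAdmin {
			c.Next()
			return
		}

		pass, err := service.NewPermission(
			service.WithAuthTenant(admin.TenantIDFormat()),
			service.WithAuthUser(admin.GetStringUID()),
			service.WithAuthRequest([]*service.AuthRequest{
				{
					Url:    c.Request.URL.Path,
					Method: c.Request.Method,
				},
			}),
		).Enforce()
		if err != nil {
			// NOTE(review): the enforcer error is formatted into the response
			// body; confirm it cannot expose internal detail to the caller.
			c.JSON(http.StatusUnauthorized, gin.H{
				"message": fmt.Sprintf("权限验证错误【%v】请联系管理员", err),
			})
			c.Abort()
			return
		}
		if !pass {
			c.JSON(http.StatusForbidden, gin.H{"message": "无权限访问!"})
			c.Abort()
			return
		}
		c.Next()
	}
}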
// NeedAuthIdentity returns a gin middleware that only calls c.Next().
//
// NOTE(review): despite its name it performs no identity check, so a route
// guarded only by this middleware is effectively unguarded.
func NeedAuthIdentity() gin.HandlerFunc {
	passThrough := func(c *gin.Context) {
		c.Next()
	}
	return passThrough
}