From 040016d88f75c8d695986f46fb46c8b52ffeae48 Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Tue, 21 Nov 2023 18:19:14 +0800
Subject: [PATCH] fix

---
 .../internal/logic/addldaporganizationmemberlogic.go | 2 +-
 .../internal/logic/createldaporganizationlogic.go | 2 +-
 .../internal/logic/createldapuserbasegrouplogic.go | 2 +-
 server/ldap-admin/internal/logic/createldapuserlogic.go | 2 +-
 .../internal/logic/deleteldaporganizationlogic.go | 2 +-
 server/ldap-admin/internal/logic/deleteldapuserlogic.go | 2 +-
 .../internal/logic/getldaporganizationmemberslogic.go | 2 +-
 .../internal/logic/getldaporganizationslogic.go | 2 +-
 server/ldap-admin/internal/logic/getldapuserinfologic.go | 2 +-
 server/ldap-admin/internal/logic/getldapuserslogic.go | 2 +-
 .../internal/logic/removeldaporganizationmemberlogic.go | 2 +-
 .../internal/logic/updateldaporganizationlogic.go | 2 +-
 server/ldap-admin/internal/logic/updateldapuserlogic.go | 2 +-
 .../ldap-admin/internal/logic/updateldapuserpwdlogic.go | 2 +-
 utils/ldap_lib/auth.go | 8 ++++++--
 15 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
index b4ab1baf..5af22f51 100644
--- a/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
+++ b/server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go
@@ -35,7 +35,7 @@ func NewAddLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.ServiceC
 func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
diff --git a/server/ldap-admin/internal/logic/createldaporganizationlogic.go b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
index 8c516337..516ec163 100644
--- a/server/ldap-admin/internal/logic/createldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/createldaporganizationlogic.go
@@ -35,7 +35,7 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ")
diff --git a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go
index 45a7337e..4bdebd17 100644
--- a/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go
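Review bot: The replaced `if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret)` line is the same copy-pasted authorization gate in all fourteen handler hunks of this patch (this one through updateldapuserpwdlogic.go), so any handler added later that omits the line is silently unauthenticated and nothing in the code structure catches it. Moving the check into one go-zero middleware on the route group, returning `basic.CodeUnAuth` before the logic layer runs, would make the gate impossible to forget and reduce each handler to its business logic. Every call site already reads the same header and the same `l.svcCtx.Config.Auth.AccessSecret`, so the middleware would need nothing the handlers do not already have. The body of AddLdapOrganizationMember continues past the end of the hunk.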
+++ b/server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go
@@ -33,7 +33,7 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon
 func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{
diff --git a/server/ldap-admin/internal/logic/createldapuserlogic.go b/server/ldap-admin/internal/logic/createldapuserlogic.go
index 8d20d238..ecbee775 100644
--- a/server/ldap-admin/internal/logic/createldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/createldapuserlogic.go
@@ -41,7 +41,7 @@ func NewCreateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Cr
 func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.UserName = strings.Trim(req.UserName, " ")
diff --git a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go
index d82d8f34..341cebeb 100644
--- a/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/deleteldaporganizationlogic.go
@@ -34,7 +34,7 @@ func NewDeleteLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
diff --git a/server/ldap-admin/internal/logic/deleteldapuserlogic.go b/server/ldap-admin/internal/logic/deleteldapuserlogic.go
index 1640eefc..6ba9f5fe 100644
--- a/server/ldap-admin/internal/logic/deleteldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/deleteldapuserlogic.go
@@ -34,7 +34,7 @@ func NewDeleteLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *De
 func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.UserDN = strings.Trim(req.UserDN, " ")
diff --git a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
index 47f938c3..d9219c7f 100644
--- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
+++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
@@ -36,7 +36,7 @@ func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.Service
 func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
diff --git a/server/ldap-admin/internal/logic/getldaporganizationslogic.go b/server/ldap-admin/internal/logic/getldaporganizationslogic.go
index 2824326c..be137ae8 100644
--- a/server/ldap-admin/internal/logic/getldaporganizationslogic.go
+++ b/server/ldap-admin/internal/logic/getldaporganizationslogic.go
@@ -44,7 +44,7 @@ type DNItem struct {
 func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 //从ldap获取组织架构数据
diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go
index d9b3cea2..c212cf0c 100644
--- a/server/ldap-admin/internal/logic/getldapuserinfologic.go
+++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go
@@ -33,7 +33,7 @@ func NewGetLdapUserInfoLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G
 func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
diff --git a/server/ldap-admin/internal/logic/getldapuserslogic.go b/server/ldap-admin/internal/logic/getldapuserslogic.go
index 59291afe..bd6a7c9d 100644
--- a/server/ldap-admin/internal/logic/getldapuserslogic.go
+++ b/server/ldap-admin/internal/logic/getldapuserslogic.go
@@ -34,7 +34,7 @@ func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetL
 func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.PageCookie = strings.Trim(req.PageCookie, " ")
diff --git a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
index e59978cb..f60243ec 100644
--- a/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
+++ b/server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go
@@ -35,7 +35,7 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi
 func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
diff --git a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go
index abba0495..e30d1d3f 100644
--- a/server/ldap-admin/internal/logic/updateldaporganizationlogic.go
+++ b/server/ldap-admin/internal/logic/updateldaporganizationlogic.go
@@ -34,7 +34,7 @@ func NewUpdateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
diff --git a/server/ldap-admin/internal/logic/updateldapuserlogic.go b/server/ldap-admin/internal/logic/updateldapuserlogic.go
index 269d1fb6..d7b60c2c 100644
--- a/server/ldap-admin/internal/logic/updateldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go
@@ -39,7 +39,7 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up
 func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.UserDN = strings.Trim(req.UserDN, " ")
diff --git a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
index 983256a0..c943c83f 100644
--- a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
@@ -36,7 +36,7 @@ func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext)
 func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) {
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
- if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
+ if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
 return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
 }
 req.UserDN = strings.Trim(req.UserDN, " ")
diff --git a/utils/ldap_lib/auth.go b/utils/ldap_lib/auth.go
index fe550433..be05acea 100644
--- a/utils/ldap_lib/auth.go
+++ b/utils/ldap_lib/auth.go
@@ -1,9 +1,13 @@
 package ldap_lib
 
-import "github.com/zeromicro/go-zero/core/logx"
+import (
+ "github.com/zeromicro/go-zero/core/logx"
+ "net/http"
+)
 
 // 验证权限
-func (l *Ldap) VerifyAuthority(token, jwtSecret string) bool {
+func (l *Ldap) VerifyAuthority(r *http.Request, jwtSecret string) bool {
+ token := r.Header.Get("Ldap-Authorization")
 info, err := l.ParseJwtToken(token, jwtSecret)
 if err != nil {
 logx.Error("解析token失败", err, "----token:", token)
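Review bot: The new `token := r.Header.Get("Ldap-Authorization")` line dereferences `r` unconditionally, so this exported library method now panics rather than returning false if any caller passes a nil request; every call site in this patch passes a handler's `*http.Request`, so that is unreachable today, but a guard `if r == nil { return false }` ahead of it keeps the failure mode a denied request instead of a crash. The unchanged `logx.Error("解析token失败", err, "----token:", token)` on the last context line writes the raw credential to the log on every failed parse; since this method now owns extraction of the token, it is the place to log only the error (or the token's length) so a log sink does not accumulate bearer tokens. In the new import block `"net/http"` belongs in its own standard-library group ahead of the go-zero import, as goimports would arrange it. The header name could also become a named constant, e.g. `const authHeader = "Ldap-Authorization"`, so a future middleware and this method cannot drift apart.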