From 4889590b355c57a710c8aa451ec6152483713d75 Mon Sep 17 00:00:00 2001
From: momo <1012651275@qq.com>
Date: Mon, 27 Nov 2023 14:46:50 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E6=A3=80=E9=AA=8C=E4=B8=AD?=
 =?UTF-8?q?=E9=97=B4=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 model/gmodel/fs_product_template_v2_gen.go    |  4 +-
 model/gmodel/ldap_apis_gen.go                 |  1 +
 .../internal/handler/saveapihandler.go        |  4 +-
 .../ldap-admin/internal/logic/saveapilogic.go | 13 ++-
 .../ldap-admin/internal/svc/servicecontext.go |  3 +-
 server/ldap-admin/internal/types/types.go     |  1 +
 server_api/ldap-admin.api                     |  5 +-
 utils/ldap_lib/auth.go                        | 82 ++++++++++++++++++-
 utils/ldap_lib/ldap_group.go                  |  5 +-
 9 files changed, 107 insertions(+), 11 deletions(-)

diff --git a/model/gmodel/fs_product_template_v2_gen.go b/model/gmodel/fs_product_template_v2_gen.go
index fc297d40..5689ee7b 100644
--- a/model/gmodel/fs_product_template_v2_gen.go
+++ b/model/gmodel/fs_product_template_v2_gen.go
@@ -11,9 +11,9 @@ type FsProductTemplateV2 struct {
 	ModelId                  *int64  `gorm:"default:0;" json:"model_id"`                      // 模型ID
 	Title                    *string `gorm:"default:'';" json:"title"`                        // 模板(sku),预留字段
 	Name                     *string `gorm:"default:'';" json:"name"`                         // 名称
-	CoverImg                 *string `gorm:"default:'';" json:"cover_img"`                    // 模板背景图
+	CoverImg                 *string `gorm:"default:'';" json:"cover_img"`                    //
 	TemplateInfo             *string `gorm:"default:'';" json:"template_info"`                // 模板详情
-	MaterialImg              *string `gorm:"default:'';" json:"material_img"`                 // 合成好的贴图
+	MaterialImg              *string `gorm:"default:'';" json:"material_img"`                 //
 	Sort                     *int64  `gorm:"default:0;" json:"sort"`                          // 排序
 	LogoWidth                *int64  `gorm:"default:0;" json:"logo_width"`                    // logo图最大宽度
 	LogoHeight               *int64  `gorm:"default:0;" json:"logo_height"`                   // logo图最大高度
diff --git a/model/gmodel/ldap_apis_gen.go b/model/gmodel/ldap_apis_gen.go
index 3787591f..9eeddb54 100644
--- a/model/gmodel/ldap_apis_gen.go
+++ b/model/gmodel/ldap_apis_gen.go
@@ -8,6 +8,7 @@ import (
 // ldap_apis api表
 type LdapApis struct {
 	Id       int64      `gorm:"primary_key;default:0;auto_increment;" json:"id"` //
+	Name     *string    `gorm:"default:'';" json:"name"`                         //
 	Method   *string    `gorm:"default:'';" json:"method"`                       //
 	Path     *string    `gorm:"default:'';" json:"path"`                         //
 	Category *string    `gorm:"default:'';" json:"category"`                     //
diff --git a/server/ldap-admin/internal/handler/saveapihandler.go b/server/ldap-admin/internal/handler/saveapihandler.go
index 6048cb85..9388673c 100644
--- a/server/ldap-admin/internal/handler/saveapihandler.go
+++ b/server/ldap-admin/internal/handler/saveapihandler.go
@@ -15,7 +15,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		var req types.SaveApiReq
-		userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
+		_, err := basic.RequestParse(w, r, svcCtx, &req)
 		if err != nil {
 			return
 		}
@@ -26,7 +26,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 		rl := reflect.ValueOf(l)
 		basic.BeforeLogic(w, r, rl)
 
-		resp := l.SaveApi(&req, userinfo)
+		resp := l.SaveApi(&req, r)
 
 		if !basic.AfterLogic(w, r, rl, resp) {
 			basic.NormalAfterLogic(w, r, resp)
diff --git a/server/ldap-admin/internal/logic/saveapilogic.go b/server/ldap-admin/internal/logic/saveapilogic.go
index 395aa01c..75976081 100644
--- a/server/ldap-admin/internal/logic/saveapilogic.go
+++ b/server/ldap-admin/internal/logic/saveapilogic.go
@@ -3,8 +3,8 @@ package logic
 import (
 	"errors"
 	"fusenapi/model/gmodel"
-	"fusenapi/utils/auth"
 	"fusenapi/utils/basic"
+	"net/http"
 
 	"context"
 
@@ -33,9 +33,14 @@ func NewSaveApiLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SaveApiLo
 // func (l *SaveApiLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
 // }
 
-func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (resp *basic.Response) {
+func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, r *http.Request) (resp *basic.Response) {
 	// 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
 	// userinfo 传入值时, 一定不为null
+
+	if !l.svcCtx.Ldap.VerifyAuthorityGroup(r) {
+		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
+	}
+
 	var err1 error
 	if req.Id > 0 {
 		resOne, err := l.svcCtx.AllModels.LdapApis.FindOneById(l.ctx, req.Id)
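Review bot: The permission check is wired into `SaveApi` by hand, so other admin routes are covered only if each logic function repeats the same call. Nothing in this patch shows the delete_api, save_menu or set_ldap_group_auth routes listed in ldap-admin.api being guarded. Since the check needs only the `*http.Request`, registering it once as a route middleware would make new endpoints denied by default instead of relying on every author to remember the call. The retained comment `// userinfo 传入值时, 一定不为null` describes a parameter that no longer exists and should be replaced, for example with `// r carries the Ldap-Authorization header that VerifyAuthorityGroup checks`. The body of SaveApi continues past this hunk.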
@@ -48,6 +53,9 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
 			return resp.SetStatus(basic.CodeServiceErr)
 		}
 		var updateMap = make(map[string]interface{})
+		if req.Name != "" {
+			updateMap["name"] = req.Name
+		}
 		if req.Method != "" {
 			updateMap["method"] = req.Method
 		}
@@ -63,6 +71,7 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
 		err1 = l.svcCtx.AllModels.LdapApis.UpdateOne(l.ctx, resOne, updateMap)
 	} else {
 		err1 = l.svcCtx.AllModels.LdapApis.InsertOne(l.ctx, gmodel.LdapApis{
+			Name:     &req.Name,
 			Method:   &req.Method,
 			Path:     &req.Path,
 			Category: &req.Category,
diff --git a/server/ldap-admin/internal/svc/servicecontext.go b/server/ldap-admin/internal/svc/servicecontext.go
index 064d9e5c..9a87b808 100644
--- a/server/ldap-admin/internal/svc/servicecontext.go
+++ b/server/ldap-admin/internal/svc/servicecontext.go
@@ -5,6 +5,7 @@ import (
 	"fusenapi/model/gmodel"
 	"fusenapi/server/ldap-admin/internal/config"
 	"fusenapi/utils/ldap_lib"
+
 	"gorm.io/gorm"
 )
 
@@ -24,6 +25,6 @@ func NewServiceContext(c config.Config) *ServiceContext {
 		MysqlConn: conn,
 		AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)),
 		RabbitMq:  initalize.InitRabbitMq(c.SourceRabbitMq, nil),
-		Ldap:      ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret),
+		Ldap:      ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret, conn),
 	}
 }
diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go
index 55c589df..0e6de870 100644
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@@ -67,6 +67,7 @@ type GetApisReq struct {
 
 type SaveApiReq struct {
 	Id       int64  `json:"id"`
+	Name     string `json:"name"`
 	Method   string `json:"method"`
 	Path     string `json:"path"`
 	Category string `json:"category"`
diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api
index 93be5c6e..f18f90c8 100644
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@@ -22,7 +22,7 @@ service ldap-admin {
 	//删除权限组
 	@handler DeleteLdapGroupHandler
 	post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response);
-	
+
 	//权限组授权
 	@handler SetLdapGroupAuthHandler
 	post /api/ldap-admin/set_ldap_group_auth(SetLdapGroupAuthReq) returns (response);
@@ -35,7 +35,7 @@ service ldap-admin {
 	//删除API
 	@handler DeleteApiHandler
 	post /api/ldap-admin/delete_api(DeleteApiReq) returns (response);
-	
+
 	//保存菜单
 	@handler SaveMenuHandler
 	post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
@@ -153,6 +153,7 @@ type GetApisReq {
 
 type SaveApiReq {
 	Id       int64  `json:"id"`
+	Name     string `json:"name"`
 	Method   string `json:"method"`
 	Path     string `json:"path"`
 	Category string `json:"category"`
diff --git a/utils/ldap_lib/auth.go b/utils/ldap_lib/auth.go
index 7b725867..79e86581 100644
--- a/utils/ldap_lib/auth.go
+++ b/utils/ldap_lib/auth.go
@@ -1,8 +1,12 @@
 package ldap_lib
 
 import (
-	"github.com/zeromicro/go-zero/core/logx"
+	"encoding/json"
+	"fusenapi/model/gmodel"
+	"fusenapi/utils/basic"
 	"net/http"
+
+	"github.com/zeromicro/go-zero/core/logx"
 )
 
 type LdapVerifyType string
@@ -39,3 +43,79 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
 	}
 	return true
 }
+
+// 验证权限组
+func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) bool {
+	token := r.Header.Get("Ldap-Authorization")
+	info, err := l.ParseJwtToken(token, l.jwtSecret)
+	if err != nil {
+		logx.Error("解析token失败", err, "----token:", token)
+		return false
+	}
+	//查询ldap
+	userInfo, err := l.GetLdapUserInfo(info.UserDN)
+	if err != nil {
+		logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
+	}
+	if userInfo.GroupId != 0 {
+		return false
+	}
+	var groupId = userInfo.GroupId
+
+	// var err error
+	// var groupId = 6
+
+	// 当前API路由
+	path := r.URL.Path
+	var infoLdapApis gmodel.LdapApis
+	resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
+	if resLdapApis.Error != nil {
+		err = resLdapApis.Error
+		logx.Error("获取ldap用户信息权限组失败", err)
+		return false
+	}
+	apiId := infoLdapApis.Id
+
+	var infoLdapGroup gmodel.LdapGroup
+	resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
+	if resLdapGroup.Error != nil {
+		err = resLdapGroup.Error
+		logx.Error("获取ldap用户信息权限组失败", err)
+		return false
+	}
+	var apiMaps = make(map[int64]string, 100)
+	var metadata []*GroupAuthMetadata
+	if infoLdapGroup.Metadata != nil {
+		err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
+		if err != nil {
+			basic.CodeServiceErr.Message = "系统出错"
+			return false
+		}
+		getAllApis(metadata, &apiMaps)
+	}
+	if _, ok := apiMaps[apiId]; ok {
+		return true
+	} else {
+		return false
+	}
+}
+
+func getAllApis(metadata []*GroupAuthMetadata, apiMaps *map[int64]string) {
+	apiMapsData := *apiMaps
+	for _, v := range metadata {
+		if v.Type == "api" {
+			apiMapsData[v.Id] = v.Name
+		} else if v.Type == "group" {
+			getAllApis(v.Metadata, apiMaps)
+		} else {
+			continue
+		}
+	}
+}
+
+type GroupAuthMetadata struct {
+	Id       int64                `json:"id"`
+	Name     string               `json:"name"`
+	Type     string               `json:"type"`
+	Metadata []*GroupAuthMetadata `json:"metadata"`
+}
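Review bot: The group check in VerifyAuthorityGroup is inverted: `if userInfo.GroupId != 0 { return false }` rejects every user that has a group and carries on with group id 0, so the later `id = ?` lookup never sees a real group. The error branch after `GetLdapUserInfo` only logs and then reads `userInfo.GroupId`; an authorization check should deny there, and it would panic if the call returns a nil pointer on error (its return type is not visible in this hunk). The parse-failure log writes the raw `Ldap-Authorization` token into the log, where anyone with log access could reuse it if the failure was not a signature failure (for example, an expired token). The unmarshal branch assigns `basic.CodeServiceErr.Message`, which looks like shared package-level state being mutated on a request path, so it should log locally instead. The `options` parameter is never read.
```go
	// … unchanged: header read and ParseJwtToken call …
	if err != nil {
		// Keep the credential itself out of the log.
		logx.Error("解析token失败", err)
		return false
	}
	userInfo, err := l.GetLdapUserInfo(info.UserDN)
	if err != nil {
		logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
		return false // fail closed when the directory lookup fails
	}
	// A user with no group has no API grants.
	if userInfo.GroupId == 0 {
		return false
	}
	// … unchanged: ldap_apis and ldap_group lookups …
	if infoLdapGroup.Metadata != nil {
		if err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata); err != nil {
			logx.Error("解析权限组metadata失败", err)
			return false
		}
		// … unchanged: getAllApis call and apiMaps membership check …
```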
diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go
index a94acefb..ba249c99 100644
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/go-ldap/ldap/v3"
+	"gorm.io/gorm"
 )
 
 type Ldap struct {
@@ -13,15 +14,17 @@ type Ldap struct {
 	conn          *ldap.Conn
 	peopleGroupDN string
 	jwtSecret     string
+	MysqlConn     *gorm.DB
 }
 
-func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
+func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string, mysqlConn *gorm.DB) *Ldap {
 	return &Ldap{
 		baseDN:        baseDN,
 		rootDN:        rootDN,
 		conn:          conn,
 		peopleGroupDN: peopleGroupDN,
 		jwtSecret:     jwtSecret,
+		MysqlConn:     mysqlConn,
 	}
 }
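Review bot: `MysqlConn` is the only exported field on `Ldap`, while `conn`, `jwtSecret` and the others are unexported. Its only visible use is inside package ldap_lib (auth.go), so `mysqlConn *gorm.DB` would keep the database handle out of reach of any code that merely holds a `*Ldap`. `NewLdap` also accepts a nil handle without complaint, and `VerifyAuthorityGroup` would then presumably panic on its first query. A nil check in the constructor, or at least a doc comment such as `// mysqlConn must be non-nil; it backs the ldap_apis and ldap_group permission lookups`, is worth adding.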