权限检验中间件

2023-11-27 14:46:50 +08:00
parent 205767efd5
commit 4889590b35
9 changed files with 107 additions and 11 deletions
--- a/utils/ldap_lib/auth.go
+++ b/utils/ldap_lib/auth.go
@@ -1,8 +1,12 @@
 package ldap_lib

 import (
-	"github.com/zeromicro/go-zero/core/logx"
+	"encoding/json"
+	"fusenapi/model/gmodel"
+	"fusenapi/utils/basic"
 	"net/http"
+
+	"github.com/zeromicro/go-zero/core/logx"
 )

 type LdapVerifyType string
@@ -39,3 +43,79 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
 	}
 	return true
 }
+
+// 验证权限组
+func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) bool {
+	token := r.Header.Get("Ldap-Authorization")
+	info, err := l.ParseJwtToken(token, l.jwtSecret)
+	if err != nil {
+		logx.Error("解析token失败", err, "----token:", token)
+		return false
+	}
+	//查询ldap
+	userInfo, err := l.GetLdapUserInfo(info.UserDN)
+	if err != nil {
+		logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
+	}
+	if userInfo.GroupId != 0 {
+		return false
+	}
+	var groupId = userInfo.GroupId
+
+	// var err error
+	// var groupId = 6
+
+	// 当前API路由
+	path := r.URL.Path
+	var infoLdapApis gmodel.LdapApis
+	resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
+	if resLdapApis.Error != nil {
+		err = resLdapApis.Error
+		logx.Error("获取ldap用户信息权限组失败", err)
+		return false
+	}
+	apiId := infoLdapApis.Id
+
+	var infoLdapGroup gmodel.LdapGroup
+	resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
+	if resLdapGroup.Error != nil {
+		err = resLdapGroup.Error
+		logx.Error("获取ldap用户信息权限组失败", err)
+		return false
+	}
+	var apiMaps = make(map[int64]string, 100)
+	var metadata []*GroupAuthMetadata
+	if infoLdapGroup.Metadata != nil {
+		err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
+		if err != nil {
+			basic.CodeServiceErr.Message = "系统出错"
+			return false
+		}
+		getAllApis(metadata, &apiMaps)
+	}
+	if _, ok := apiMaps[apiId]; ok {
+		return true
+	} else {
+		return false
+	}
+}
+
+func getAllApis(metadata []*GroupAuthMetadata, apiMaps *map[int64]string) {
+	apiMapsData := *apiMaps
+	for _, v := range metadata {
+		if v.Type == "api" {
+			apiMapsData[v.Id] = v.Name
+		} else if v.Type == "group" {
+			getAllApis(v.Metadata, apiMaps)
+		} else {
+			continue
+		}
+	}
+}
+
+type GroupAuthMetadata struct {
+	Id       int64                `json:"id"`
+	Name     string               `json:"name"`
+	Type     string               `json:"type"`
+	Metadata []*GroupAuthMetadata `json:"metadata"`
+}
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@@ -5,6 +5,7 @@ import (
 	"strings"

 	"github.com/go-ldap/ldap/v3"
+	"gorm.io/gorm"
 )

 type Ldap struct {
@@ -13,15 +14,17 @@ type Ldap struct {
 	conn          *ldap.Conn
 	peopleGroupDN string
 	jwtSecret     string
+	MysqlConn     *gorm.DB
 }

-func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
+func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string, mysqlConn *gorm.DB) *Ldap {
 	return &Ldap{
 		baseDN:        baseDN,
 		rootDN:        rootDN,
 		conn:          conn,
 		peopleGroupDN: peopleGroupDN,
 		jwtSecret:     jwtSecret,
+		MysqlConn:     mysqlConn,
 	}
 }