From 4889590b355c57a710c8aa451ec6152483713d75 Mon Sep 17 00:00:00 2001
From: momo <1012651275@qq.com>
Date: Mon, 27 Nov 2023 14:46:50 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E6=A3=80=E9=AA=8C=E4=B8=AD?= =?UTF-8?q?=E9=97=B4=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 model/gmodel/fs_product_template_v2_gen.go | 4 +-
 model/gmodel/ldap_apis_gen.go | 1 +
 .../internal/handler/saveapihandler.go | 4 +-
 .../ldap-admin/internal/logic/saveapilogic.go | 13 ++-
 .../ldap-admin/internal/svc/servicecontext.go | 3 +-
 server/ldap-admin/internal/types/types.go | 1 +
 server_api/ldap-admin.api | 5 +-
 utils/ldap_lib/auth.go | 82 ++++++++++++++++++-
 utils/ldap_lib/ldap_group.go | 5 +-
 9 files changed, 107 insertions(+), 11 deletions(-)
diff --git a/model/gmodel/fs_product_template_v2_gen.go b/model/gmodel/fs_product_template_v2_gen.go
index fc297d40..5689ee7b 100644
--- a/model/gmodel/fs_product_template_v2_gen.go
+++ b/model/gmodel/fs_product_template_v2_gen.go
@@ -11,9 +11,9 @@ type FsProductTemplateV2 struct {
 ModelId *int64 `gorm:"default:0;" json:"model_id"` // 模型ID
 Title *string `gorm:"default:'';" json:"title"` // 模板(sku),预留字段
 Name *string `gorm:"default:'';" json:"name"` // 名称
- CoverImg *string `gorm:"default:'';" json:"cover_img"` // 模板背景图
+ CoverImg *string `gorm:"default:'';" json:"cover_img"` //
 TemplateInfo *string `gorm:"default:'';" json:"template_info"` // 模板详情
- MaterialImg *string `gorm:"default:'';" json:"material_img"` // 合成好的贴图
+ MaterialImg *string `gorm:"default:'';" json:"material_img"` //
 Sort *int64 `gorm:"default:0;" json:"sort"` // 排序
 LogoWidth *int64 `gorm:"default:0;" json:"logo_width"` // logo图最大宽度
 LogoHeight *int64 `gorm:"default:0;" json:"logo_height"` // logo图最大高度
diff --git a/model/gmodel/ldap_apis_gen.go b/model/gmodel/ldap_apis_gen.go
index 3787591f..9eeddb54 100644
--- a/model/gmodel/ldap_apis_gen.go
+++ b/model/gmodel/ldap_apis_gen.go
@@ -8,6 +8,7 @@ import (
 // ldap_apis api表
 type LdapApis struct {
 Id int64 `gorm:"primary_key;default:0;auto_increment;" json:"id"` //
+ Name *string `gorm:"default:'';" json:"name"` //
 Method *string `gorm:"default:'';" json:"method"` //
 Path *string `gorm:"default:'';" json:"path"` //
 Category *string `gorm:"default:'';" json:"category"` //
diff --git a/server/ldap-admin/internal/handler/saveapihandler.go b/server/ldap-admin/internal/handler/saveapihandler.go
index 6048cb85..9388673c 100644
--- a/server/ldap-admin/internal/handler/saveapihandler.go
+++ b/server/ldap-admin/internal/handler/saveapihandler.go
@@ -15,7 +15,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 var req types.SaveApiReq
- userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
+ _, err := basic.RequestParse(w, r, svcCtx, &req)
 if err != nil {
 return
 }
@@ -26,7 +26,7 @@ func SaveApiHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 rl := reflect.ValueOf(l)
 basic.BeforeLogic(w, r, rl)
- resp := l.SaveApi(&req, userinfo)
+ resp := l.SaveApi(&req, r)
 if !basic.AfterLogic(w, r, rl, resp) {
 basic.NormalAfterLogic(w, r, resp)
diff --git a/server/ldap-admin/internal/logic/saveapilogic.go b/server/ldap-admin/internal/logic/saveapilogic.go
index 395aa01c..75976081 100644
--- a/server/ldap-admin/internal/logic/saveapilogic.go
+++ b/server/ldap-admin/internal/logic/saveapilogic.go
@@ -3,8 +3,8 @@ package logic
 import (
 "errors"
 "fusenapi/model/gmodel"
- "fusenapi/utils/auth"
 "fusenapi/utils/basic"
+ "net/http"
 "context"
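Review bot: `resp := l.SaveApi(&req, r)` hands the raw `*http.Request` to the logic layer while the first hunk discards the `userinfo` that `basic.RequestParse` already resolved, so the authorization input now travels as a transport object instead of an identity, and VerifyAuthorityGroup (utils/ldap_lib/auth.go in this same patch) re-reads and re-parses the `Ldap-Authorization` header that RequestParse presumably already validated. Passing the resolved identity (or its group id) into `SaveApi` keeps the logic independent of net/http and avoids a second token parse per request. SaveApiHandler's body continues outside both hunks.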
@@ -33,9 +33,14 @@ func NewSaveApiLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SaveApiLo
 // func (l *SaveApiLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
 // }
-func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (resp *basic.Response) {
+func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, r *http.Request) (resp *basic.Response) {
 // 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data)
 // userinfo 传入值时, 一定不为null
+
+ if !l.svcCtx.Ldap.VerifyAuthorityGroup(r) {
+ return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
+ }
+
 var err1 error
 if req.Id > 0 {
 resOne, err := l.svcCtx.AllModels.LdapApis.FindOneById(l.ctx, req.Id)
@@ -48,6 +53,9 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
 return resp.SetStatus(basic.CodeServiceErr)
 }
 var updateMap = make(map[string]interface{})
+ if req.Name != "" {
+ updateMap["name"] = req.Name
+ }
 if req.Method != "" {
 updateMap["method"] = req.Method
 }
@@ -63,6 +71,7 @@ func (l *SaveApiLogic) SaveApi(req *types.SaveApiReq, userinfo *auth.UserInfo) (
 err1 = l.svcCtx.AllModels.LdapApis.UpdateOne(l.ctx, resOne, updateMap)
 } else {
 err1 = l.svcCtx.AllModels.LdapApis.InsertOne(l.ctx, gmodel.LdapApis{
+ Name: &req.Name,
 Method: &req.Method,
 Path: &req.Path,
 Category: &req.Category,
diff --git a/server/ldap-admin/internal/svc/servicecontext.go b/server/ldap-admin/internal/svc/servicecontext.go
index 064d9e5c..9a87b808 100644
--- a/server/ldap-admin/internal/svc/servicecontext.go
+++ b/server/ldap-admin/internal/svc/servicecontext.go
@@ -5,6 +5,7 @@ import (
 "fusenapi/model/gmodel"
 "fusenapi/server/ldap-admin/internal/config"
 "fusenapi/utils/ldap_lib"
+ "gorm.io/gorm"
 )
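Review bot: The new guard `if !l.svcCtx.Ldap.VerifyAuthorityGroup(r)` lives inside SaveApi only, so despite the commit subject naming a permission-check middleware, sibling routes of the same service (delete_api, save_menu and set_ldap_group_auth are visible in the ldap-admin.api hunks of this patch) receive no check from this commit; if they are meant to be protected, registering the check once as route middleware is far less likely to be forgotten per handler than a call at the top of each logic method. The retained comment `// userinfo 传入值时, 一定不为null` now describes a parameter the signature no longer has; replace it with one that says what `r` is used for, e.g. `// r is only used to read the Ldap-Authorization header and the route path/method for the group check`. SaveApi's body continues past the end of the hunk.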
@@ -24,6 +25,6 @@ func NewServiceContext(c config.Config) *ServiceContext {
 MysqlConn: conn,
 AllModels: gmodel.NewAllModels(initalize.InitMysql(c.SourceMysql)),
 RabbitMq: initalize.InitRabbitMq(c.SourceRabbitMq, nil),
- Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret),
+ Ldap: ldap_lib.NewLdap(ldapConn, c.Ldap.BaseDN, c.Ldap.RootDN, c.Ldap.PeopleGroupDN, c.Auth.AccessSecret, conn),
 }
 }
diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go
index 55c589df..0e6de870 100644
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@@ -67,6 +67,7 @@ type GetApisReq struct {
 type SaveApiReq struct {
 Id int64 `json:"id"`
+ Name string `json:"name"`
 Method string `json:"method"`
 Path string `json:"path"`
 Category string `json:"category"`
diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api
index 93be5c6e..f18f90c8 100644
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@@ -22,7 +22,7 @@ service ldap-admin {
 //删除权限组
 @handler DeleteLdapGroupHandler
 post /api/ldap-admin/delete_ldap_group(DeleteLdapGroupReq) returns (response);
-
+
 //权限组授权
 @handler SetLdapGroupAuthHandler
 post /api/ldap-admin/set_ldap_group_auth(SetLdapGroupAuthReq) returns (response);
@@ -35,7 +35,7 @@ service ldap-admin {
 //删除API
 @handler DeleteApiHandler
 post /api/ldap-admin/delete_api(DeleteApiReq) returns (response);
-
+
 //保存菜单
 @handler SaveMenuHandler
 post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
@@ -153,6 +153,7 @@ type GetApisReq {
 type SaveApiReq {
 Id int64 `json:"id"`
+ Name string `json:"name"`
 Method string `json:"method"`
 Path string `json:"path"`
 Category string `json:"category"`
diff --git a/utils/ldap_lib/auth.go b/utils/ldap_lib/auth.go
index 7b725867..79e86581 100644
--- a/utils/ldap_lib/auth.go
+++ b/utils/ldap_lib/auth.go
@@ -1,8 +1,12 @@
 package ldap_lib
 import (
- "github.com/zeromicro/go-zero/core/logx"
+ "encoding/json"
+ "fusenapi/model/gmodel"
+ "fusenapi/utils/basic"
 "net/http"
+
+ "github.com/zeromicro/go-zero/core/logx"
 )
 type LdapVerifyType string
@@ -39,3 +43,79 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
 }
 return true
 }
+
+// 验证权限组
+func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) bool {
+ token := r.Header.Get("Ldap-Authorization")
+ info, err := l.ParseJwtToken(token, l.jwtSecret)
+ if err != nil {
+ logx.Error("解析token失败", err, "----token:", token)
+ return false
+ }
+ //查询ldap
+ userInfo, err := l.GetLdapUserInfo(info.UserDN)
+ if err != nil {
+ logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
+ }
+ if userInfo.GroupId != 0 {
+ return false
+ }
+ var groupId = userInfo.GroupId
+
+ // var err error
+ // var groupId = 6
+
+ // 当前API路由
+ path := r.URL.Path
+ var infoLdapApis gmodel.LdapApis
+ resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
+ if resLdapApis.Error != nil {
+ err = resLdapApis.Error
+ logx.Error("获取ldap用户信息权限组失败", err)
+ return false
+ }
+ apiId := infoLdapApis.Id
+
+ var infoLdapGroup gmodel.LdapGroup
+ resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
+ if resLdapGroup.Error != nil {
+ err = resLdapGroup.Error
+ logx.Error("获取ldap用户信息权限组失败", err)
+ return false
+ }
+ var apiMaps = make(map[int64]string, 100)
+ var metadata []*GroupAuthMetadata
+ if infoLdapGroup.Metadata != nil {
+ err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
+ if err != nil {
+ basic.CodeServiceErr.Message = "系统出错"
+ return false
+ }
+ getAllApis(metadata, &apiMaps)
+ }
+ if _, ok := apiMaps[apiId]; ok {
+ return true
+ } else {
+ return false
+ }
+}
+
+func getAllApis(metadata []*GroupAuthMetadata, apiMaps *map[int64]string) {
+ apiMapsData := *apiMaps
+ for _, v := range metadata {
+ if v.Type == "api" {
+ apiMapsData[v.Id] = v.Name
+ } else if v.Type == "group" {
+ getAllApis(v.Metadata, apiMaps)
+ } else {
+ continue
+ }
+ }
+}
+
+type GroupAuthMetadata struct {
+ Id int64 `json:"id"`
+ Name string 
`json:"name"`
+ Type string `json:"type"`
+ Metadata []*GroupAuthMetadata `json:"metadata"`
+}
diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go
index a94acefb..ba249c99 100644
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@@ -5,6 +5,7 @@ import (
 "strings"
 "github.com/go-ldap/ldap/v3"
+ "gorm.io/gorm"
 )
 type Ldap struct {
@@ -13,15 +14,17 @@ type Ldap struct {
 conn *ldap.Conn
 peopleGroupDN string
 jwtSecret string
+ MysqlConn *gorm.DB
 }
-func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string) *Ldap {
+func NewLdap(conn *ldap.Conn, baseDN, rootDN, peopleGroupDN, jwtSecret string, mysqlConn *gorm.DB) *Ldap {
 return &Ldap{
 baseDN: baseDN,
 rootDN: rootDN,
 conn: conn,
 peopleGroupDN: peopleGroupDN,
 jwtSecret: jwtSecret,
+ MysqlConn: mysqlConn,
 }
 }
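Review bot: `if userInfo.GroupId != 0 { return false }` denies every user who actually has a group and then runs `Where("id = ?", groupId)` with groupId 0, so the metadata check below can never see a real group's grants; the comparison reads inverted, since `== 0` is the case with nothing to match. Two lines earlier a failed `GetLdapUserInfo` only logs and falls through into that comparison on an empty (or, if the helper returns a pointer, nil) userInfo, so it needs `return false` too. `basic.CodeServiceErr.Message = "系统出错"` writes a package-level value from a request path, which races across concurrent requests and leaks the message into every later CodeServiceErr response; logging the unmarshal error and returning false is enough and also drops the `fusenapi/utils/basic` import this patch adds for it. The unused `options ...LdapOptions` parameter and the `if ok { return true } else { return false }` tail can shrink to `return ok`; the rewritten lines follow, with the two gorm lookups left as they are.
```go
	userInfo, err := l.GetLdapUserInfo(info.UserDN)
	if err != nil {
		logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
		return false
	}
	// No group means nothing can grant this route: deny rather than look up group 0.
	if userInfo.GroupId == 0 {
		return false
	}
	groupId := userInfo.GroupId
	// … unchanged: LdapApis lookup by path/method, LdapGroup lookup by groupId …
	if infoLdapGroup.Metadata != nil {
		if err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata); err != nil {
			logx.Error("解析权限组metadata失败", err, "----group_id:", groupId)
			return false
		}
		getAllApis(metadata, &apiMaps)
	}
	_, ok := apiMaps[apiId]
	return ok
```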