权限检验中间件
This commit is contained in:
momo
@@ -2,10 +2,13 @@ package ldap_lib
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"fusenapi/model/gmodel"
|
||||
"fusenapi/utils/basic"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/patrickmn/go-cache"
|
||||
"github.com/zeromicro/go-zero/core/logx"
|
||||
)
|
||||
|
||||
@@ -61,38 +64,61 @@ func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) boo
|
||||
return false
|
||||
}
|
||||
var groupId = userInfo.GroupId
|
||||
var apiId int64 = 0
|
||||
var apiMaps = make(map[int64]string, 100)
|
||||
|
||||
// var err error
|
||||
// var groupId = 6
|
||||
|
||||
// 当前API路由
|
||||
path := r.URL.Path
|
||||
var infoLdapApis gmodel.LdapApis
|
||||
resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
|
||||
if resLdapApis.Error != nil {
|
||||
err = resLdapApis.Error
|
||||
logx.Error("获取ldap用户信息权限组失败", err)
|
||||
return false
|
||||
}
|
||||
apiId := infoLdapApis.Id
|
||||
|
||||
var infoLdapGroup gmodel.LdapGroup
|
||||
resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
|
||||
if resLdapGroup.Error != nil {
|
||||
err = resLdapGroup.Error
|
||||
logx.Error("获取ldap用户信息权限组失败", err)
|
||||
return false
|
||||
}
|
||||
var apiMaps = make(map[int64]string, 100)
|
||||
var metadata []*GroupAuthMetadata
|
||||
if infoLdapGroup.Metadata != nil {
|
||||
err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
|
||||
if err != nil {
|
||||
basic.CodeServiceErr.Message = "系统出错"
|
||||
// 缓存组件--go get github.com/patrickmn/go-cache
|
||||
c := cache.New(5*time.Minute, 10*time.Minute)
|
||||
|
||||
var pathKey = fmt.Sprintf("LdapApi_%v_%v", path, r.Method)
|
||||
apiIdObj, found := c.Get(pathKey)
|
||||
if found {
|
||||
apiId = apiIdObj.(int64)
|
||||
} else {
|
||||
// 缓存--5分钟
|
||||
var infoLdapApis gmodel.LdapApis
|
||||
resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).Where("path = ? AND method = ?", path, r.Method).Take(&infoLdapApis)
|
||||
if resLdapApis.Error != nil {
|
||||
err = resLdapApis.Error
|
||||
logx.Error("获取ldap用户信息权限组失败", err)
|
||||
return false
|
||||
}
|
||||
getAllApis(metadata, &apiMaps)
|
||||
apiId = infoLdapApis.Id
|
||||
c.Set(pathKey, apiId, 5*time.Minute)
|
||||
}
|
||||
|
||||
var groupKey = fmt.Sprintf("LdapGroup_%v", groupId)
|
||||
groupObj, groupFound := c.Get(groupKey)
|
||||
if groupFound {
|
||||
apiMaps = groupObj.(map[int64]string)
|
||||
} else {
|
||||
// 缓存--5分钟
|
||||
var infoLdapGroup gmodel.LdapGroup
|
||||
resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).Where("id = ?", groupId).Take(&infoLdapGroup)
|
||||
if resLdapGroup.Error != nil {
|
||||
err = resLdapGroup.Error
|
||||
logx.Error("获取ldap用户信息权限组失败", err)
|
||||
return false
|
||||
}
|
||||
|
||||
var metadata []*GroupAuthMetadata
|
||||
if infoLdapGroup.Metadata != nil {
|
||||
err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata)
|
||||
if err != nil {
|
||||
basic.CodeServiceErr.Message = "系统出错"
|
||||
return false
|
||||
}
|
||||
getAllApis(metadata, &apiMaps)
|
||||
c.Set(groupKey, apiMaps, 5*time.Minute)
|
||||
}
|
||||
}
|
||||
|
||||
if _, ok := apiMaps[apiId]; ok {
|
||||
return true
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user