package server
import (
apiUser "admin/apps/user/api"
"admin/internal/context"
"admin/internal/errcode"
"admin/internal/permission"
"strings"
)
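// CheckToken authenticates a request before it reaches protected handlers.
//
// Requests whose URL path has a segment exactly equal to "login" are let
// through unauthenticated. For every other request the header is extracted,
// the token and user id are passed to the user service's Auth call, and on
// success the response is stored in the gin context under "userInfo".
//
// NOTE(review): a substring test such as strings.Contains(path, "/login")
// exempts every route whose path merely contains that text, so the exemption
// is matched on a whole path segment here. That is still broader than needed:
// prefer registering the login route outside the group that uses this
// middleware, or comparing against the exact login route. Confirm the real
// route before tightening further.
//
// NOTE(review): this function returns after ctx.Fail without calling Abort on
// the gin context. Confirm that ctx.Fail (or the adapter that turns this
// method into a gin handler) aborts the chain; otherwise later handlers
// still run for a rejected request.
func (srv *Server) CheckToken(ctx *context.WebContext) {
	// Exempt the login route only when "login" is a complete path segment.
	for _, seg := range strings.Split(ctx.GinCtx().Request.URL.Path, "/") {
		if seg == "login" {
			return
		}
	}

	// The extraction error itself is not reported; the caller only learns
	// that the header was invalid.
	if err := ctx.ExtractHeader(); err != nil {
		ctx.Fail(errcode.New(errcode.HeaderParamsInvalid, "header invalid"))
		return
	}

	authRsp, err := apiUser.GetUserApiInstance().Auth(ctx, &apiUser.AuthReq{
		Token:  ctx.Header.Token,
		UserId: ctx.Header.UserId,
	})
	if err != nil {
		ctx.Fail(err)
		return
	}

	ctx.Header.UserName = authRsp.User.NickName

	// NOTE(review): CheckPermissions reads this value back with a type
	// assertion to *apiUser.UserInfo; confirm Auth returns exactly that type.
	ctx.GinCtx().Set("userInfo", authRsp)
}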
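// CheckPermissions authorizes a request using the "userInfo" value stored in
// the gin context.
//
// Decision order, as implemented below:
//   - no usable userInfo in the context: rejected with TokenInvalid;
//   - no positive project id in the URI: only the exact path "/api/project"
//     is allowed, and only for users whose Character is "admin";
//   - empty resource: rejected;
//   - Character "admin": allowed;
//   - otherwise the user must hold the permission computed from the project
//     id, the resource and the HTTP method.
//
// NOTE(review): rejection paths return after ctx.Fail without calling Abort
// on the gin context, while success paths call Next explicitly. Confirm that
// ctx.Fail (or the adapter wrapping this method) aborts the chain.
func (srv *Server) CheckPermissions(ctx *context.WebContext) {
	userInfoI, find := ctx.GinCtx().Get("userInfo")
	if !find {
		ctx.Fail(errcode.New(errcode.TokenInvalid, "not found ctx userInfo"))
		return
	}

	// Fail closed when the stored value is not a usable *apiUser.UserInfo.
	// Ignoring the assertion result would leave userInfo nil and panic on the
	// first field access below instead of rejecting the request.
	userInfo, ok := userInfoI.(*apiUser.UserInfo)
	if !ok || userInfo == nil {
		ctx.Fail(errcode.New(errcode.TokenInvalid, "ctx userInfo invalid"))
		return
	}

	projectId, resource := getCtxURIProjectIdAndResource(ctx)
	if projectId <= 0 {
		// Without a project id only the project collection endpoint is
		// reachable, and only by admins. The path comparison is exact, so
		// any other path is denied.
		if ctx.GinCtx().Request.URL.Path == "/api/project" {
			if userInfo.Character != "admin" {
				ctx.Fail(errcode.New(errcode.NoPermission, "user %v is not admin, can't operate project", ctx.Header.UserId))
				return
			}
			ctx.GinCtx().Next()
			return
		}
		ctx.Fail(errcode.New(errcode.NoPermission, "project_id %v in ctx invalid", projectId))
		return
	}
	if resource == "" {
		ctx.Fail(errcode.New(errcode.NoPermission, "resource %v in ctx invalid", resource))
		return
	}

	// Computed before the admin shortcut, as in the original statement order.
	reqPermission := permission.GetProjectResourcePermission(projectId, resource, ctx.GinCtx().Request.Method)

	// Admins skip the per-permission lookup.
	if userInfo.Character == "admin" {
		ctx.GinCtx().Next()
		return
	}

	for _, v := range userInfo.Permissions {
		if reqPermission == v {
			ctx.GinCtx().Next()
			return
		}
	}

	// Default deny: no held permission matched the required one.
	ctx.Fail(errcode.New(errcode.NoPermission, "user %v don't have permission %v", ctx.Header.UserId, reqPermission))
}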