authority_middleware.go 3.2 KB

  1. package middleware
  2. import (
  3. "context"
  4. "errors"
  5. ""
  6. ""
  7. "net/http"
  8. "strings"
  9. ""
  10. ""
  11. ""
  12. ""
  13. ""
  14. ""
  15. ""
  16. ""
  17. )
  18. type AuthorityMiddleware struct {
  19. Cbn *casbin.Enforcer
  20. Rds redis.UniversalClient
  21. CoreRpc coreclient.Core
  22. }
  23. func NewAuthorityMiddleware(cbn *casbin.Enforcer, rds redis.UniversalClient, c coreclient.Core) *AuthorityMiddleware {
  24. return &AuthorityMiddleware{
  25. Cbn: cbn,
  26. Rds: rds,
  27. CoreRpc: c,
  28. }
  29. }
  30. func (m *AuthorityMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
  31. return func(w http.ResponseWriter, r *http.Request) {
  32. // get the path
  33. obj := r.URL.Path
  34. // get the method
  35. act := r.Method
  36. // get the role id
  37. roleIds := r.Context().Value("roleId").(string)
  38. // check jwt blacklist
  39. jwtResult, err := m.Rds.Get(context.Background(), config.RedisTokenPrefix+jwt.StripBearerPrefixFromToken(r.Header.Get("Authorization"))).Result()
  40. if err != nil && !errors.Is(err, redis.Nil) {
  41. logx.Errorw("redis error in jwt", logx.Field("detail", err.Error()))
  42. httpx.Error(w, errorx.NewApiError(http.StatusInternalServerError, err.Error()))
  43. return
  44. }
  45. if jwtResult == "1" {
  46. logx.Errorw("token in blacklist", logx.Field("detail", r.Header.Get("Authorization")))
  47. httpx.Error(w, errorx.NewApiErrorWithoutMsg(http.StatusUnauthorized))
  48. return
  49. }
  50. result := batchCheck(m.Cbn, roleIds, act, obj)
  51. if result {
  52. logx.Infow("HTTP/HTTPS Request", logx.Field("UUID", r.Context().Value("userId").(string)),
  53. logx.Field("path", obj), logx.Field("method", act))
  54. userIdStr := r.Context().Value("userId").(string)
  55. data, err := m.CoreRpc.GetUserById(r.Context(), &core.UUIDReq{Id: userIdStr})
  56. if err != nil {
  57. logx.Errorw("get user info error", logx.Field("detail", err.Error()))
  58. httpx.Error(w, errorx.NewApiError(http.StatusInternalServerError, err.Error()))
  59. return
  60. }
  61. // 将 data.DepartmentID 插入上下文,以供后续接口使用
  62. //fmt.Printf("---------------departmentId----------------: %d\n\n", *data.DepartmentId)
  63. r = r.WithContext(context.WithValue(r.Context(), "organizationId", *data.DepartmentId))
  64. next(w, r)
  65. return
  66. } else {
  67. logx.Errorw("the role is not permitted to access the API", logx.Field("roleId", roleIds),
  68. logx.Field("path", obj), logx.Field("method", act))
  69. httpx.Error(w, errorx.NewCodeError(errorcode.PermissionDenied, "Permission Denied"))
  70. return
  71. }
  72. }
  73. }
  74. func batchCheck(cbn *casbin.Enforcer, roleIds, act, obj string) bool {
  75. var checkReq [][]any
  76. for _, v := range strings.Split(roleIds, ",") {
  77. checkReq = append(checkReq, []any{v, obj, act})
  78. }
  79. result, err := cbn.BatchEnforce(checkReq)
  80. if err != nil {
  81. logx.Errorw("Casbin enforce error", logx.Field("detail", err.Error()))
  82. return false
  83. }
  84. for _, v := range result {
  85. if v {
  86. return true
  87. }
  88. }
  89. return false
  90. }