mayfly-go/server/pkg/req/permission_handler.go

package req

import (
	"encoding/json"
	"fmt"
	"mayfly-go/pkg/cache"
	"mayfly-go/pkg/config"
	"mayfly-go/pkg/contextx"
	"mayfly-go/pkg/errorx"
	"mayfly-go/pkg/model"
	"mayfly-go/pkg/rediscli"
	"mayfly-go/pkg/utils/anyx"
	"strings"
	"time"
)

type Permission struct {
	NeedToken bool   // 是否需要token
	Code      string // 权限code
}

func NewPermission(code string) *Permission {
	return &Permission{NeedToken: true, Code: code}
}

var (
	permissionCodeRegistry PermissionCodeRegistry
)

func PermissionHandler(rc *Ctx) error {
	if permissionCodeRegistry == nil {
		if rediscli.GetCli() == nil {
			permissionCodeRegistry = new(DefaultPermissionCodeRegistry)
		} else {
			permissionCodeRegistry = new(RedisPermissionCodeRegistry)
		}
	}

	var permission *Permission
	if rc.Conf != nil {
		permission = rc.Conf.requiredPermission
	}
	// 如果需要的权限信息不为空，并且不需要token，则不返回错误，继续后续逻辑
	if permission != nil && !permission.NeedToken {
		return nil
	}
	tokenStr := rc.F.GetHeader("Authorization")
	// 删除前缀 Bearer, 以支持 Bearer Token
	tokenStr, _ = strings.CutPrefix(tokenStr, "Bearer ")
	// header不存在则从查询参数token中获取
	if tokenStr == "" {
		tokenStr = rc.F.Query("token")
	}
	if tokenStr == "" {
		return errorx.PermissionErr
	}
	userId, userName, err := ParseToken(tokenStr)
	if err != nil || userId == 0 {
		return errorx.PermissionErr
	}
	// 权限不为nil，并且permission code不为空，则校验是否有权限code
	if permission != nil && permission.Code != "" {
		if !permissionCodeRegistry.HasCode(userId, permission.Code) {
			return errorx.PermissionErr
		}
	}
	rc.MetaCtx = contextx.WithLoginAccount(rc.MetaCtx, &model.LoginAccount{
		Id:       userId,
		Username: userName,
	})
	return nil
}

// 保存用户权限code
func SavePermissionCodes(userId uint64, codes []string) {
	permissionCodeRegistry.SaveCodes(userId, codes)
}

// 删除用户权限code
func DeletePermissionCodes(userId uint64) {
	permissionCodeRegistry.Remove(userId)
}

// 设置权限code注册器
func SetPermissionCodeRegistery(pcr PermissionCodeRegistry) {
	permissionCodeRegistry = pcr
}

func GetPermissionCodeRegistery() PermissionCodeRegistry {
	return permissionCodeRegistry
}

type PermissionCodeRegistry interface {
	// 保存用户权限code
	SaveCodes(userId uint64, codes []string)

	// 判断用户是否拥有该code的权限
	HasCode(userId uint64, code string) bool

	Remove(userId uint64)
}

type DefaultPermissionCodeRegistry struct {
	cache *cache.TimedCache
}

func (r *DefaultPermissionCodeRegistry) SaveCodes(userId uint64, codes []string) {
	if r.cache == nil {
		r.cache = cache.NewTimedCache(time.Minute*time.Duration(config.Conf.Jwt.ExpireTime), 5*time.Second)
	}
	r.cache.Put(fmt.Sprintf("%v", userId), codes)
}

func (r *DefaultPermissionCodeRegistry) HasCode(userId uint64, code string) bool {
	if r.cache == nil {
		return false
	}
	codes, found := r.cache.Get(fmt.Sprintf("%v", userId))
	if !found {
		return false
	}
	for _, v := range codes.([]string) {
		if v == code {
			return true
		}
	}
	return false
}

func (r *DefaultPermissionCodeRegistry) Remove(userId uint64) {
	if r.cache != nil {
		r.cache.Delete(fmt.Sprintf("%v", userId))
	}
}

type RedisPermissionCodeRegistry struct {
}

func (r *RedisPermissionCodeRegistry) SaveCodes(userId uint64, codes []string) {
	rediscli.Set(fmt.Sprintf("mayfly:%v:codes", userId), anyx.ToString(codes), time.Minute*time.Duration(config.Conf.Jwt.ExpireTime))
}

func (r *RedisPermissionCodeRegistry) HasCode(userId uint64, code string) bool {
	str, err := rediscli.Get(fmt.Sprintf("mayfly:%v:codes", userId))
	if err != nil || str == "" {
		return false
	}

	var codes []string
	_ = json.Unmarshal([]byte(str), &codes)
	for _, v := range codes {
		if v == code {
			return true
		}
	}
	return false
}

func (r *RedisPermissionCodeRegistry) Remove(userId uint64) {
	rediscli.Del(fmt.Sprintf("mayfly:%v:codes", userId))
}
-												refactor: 包名变更ctx -> req

											
										
										
											2023-01-14 16:29:52 +08:00
+								package req
-												feat: 目录及代码优化调整

											
										
										
											2021-03-24 17:18:39 +08:00
 								import (
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									"encoding/json"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									"fmt"
-												refactor: 后端包结构重构、去除无用的文件

											
										
										
											2022-06-02 17:41:11 +08:00
+									"mayfly-go/pkg/cache"
 									"mayfly-go/pkg/config"
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+									"mayfly-go/pkg/contextx"
-												refactor: 新增base.Repo与base.App，重构repo与app层代码

											
										
										
											2023-10-26 17:15:49 +08:00
+									"mayfly-go/pkg/errorx"
-												feature: 每个客户端独立处理后端发送的系统消息

											
										
										
											2023-10-18 15:24:29 +08:00
+									"mayfly-go/pkg/model"
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									"mayfly-go/pkg/rediscli"
-												refactor: code review

											
										
										
											2023-10-20 21:31:46 +08:00
+									"mayfly-go/pkg/utils/anyx"
-												feat: 实现数据库备份与恢复

											
										
										
											2023-12-27 22:59:20 +08:00
+									"strings"
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									"time"
-												feat: 目录及代码优化调整

											
										
										
											2021-03-24 17:18:39 +08:00
+								)
-												简单基于DDD重构，并实现机器文件及脚本管理

											
										
										
											2021-05-08 18:00:33 +08:00
+								type Permission struct {
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									NeedToken bool   // 是否需要token
 									Code      string // 权限code
-												feat: 目录及代码优化调整

											
										
										
											2021-03-24 17:18:39 +08:00
+								}
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								func NewPermission(code string) *Permission {
 									return &Permission{NeedToken: true, Code: code}
 								}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+								var (
 									permissionCodeRegistry PermissionCodeRegistry
 								)
-												refactor: 包名变更ctx -> req

											
										
										
											2023-01-14 16:29:52 +08:00
+								func PermissionHandler(rc *Ctx) error {
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									if permissionCodeRegistry == nil {
 										if rediscli.GetCli() == nil {
 											permissionCodeRegistry = new(DefaultPermissionCodeRegistry)
 										} else {
 											permissionCodeRegistry = new(RedisPermissionCodeRegistry)
 										}
 									}
-												refactor: 后端路由定义方式&请求参数绑定重构

											
										
										
											2023-07-08 20:05:55 +08:00
+									var permission *Permission
 									if rc.Conf != nil {
 										permission = rc.Conf.requiredPermission
 									}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									// 如果需要的权限信息不为空，并且不需要token，则不返回错误，继续后续逻辑
 									if permission != nil && !permission.NeedToken {
 										return nil
 									}
-												refactor: api层尽可能屏蔽gin框架相关代码

											
										
										
											2024-02-24 16:30:29 +08:00
+									tokenStr := rc.F.GetHeader("Authorization")
-												feat: 实现数据库备份与恢复

											
										
										
											2023-12-27 22:59:20 +08:00
+									// 删除前缀 Bearer, 以支持 Bearer Token
 									tokenStr, _ = strings.CutPrefix(tokenStr, "Bearer ")
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									// header不存在则从查询参数token中获取
 									if tokenStr == "" {
-												refactor: api层尽可能屏蔽gin框架相关代码

											
										
										
											2024-02-24 16:30:29 +08:00
+										tokenStr = rc.F.Query("token")
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									}
 									if tokenStr == "" {
-												refactor: 新增base.Repo与base.App，重构repo与app层代码

											
										
										
											2023-10-26 17:15:49 +08:00
+										return errorx.PermissionErr
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									}
-												feature: 每个客户端独立处理后端发送的系统消息

											
										
										
											2023-10-18 15:24:29 +08:00
+									userId, userName, err := ParseToken(tokenStr)
 									if err != nil || userId == 0 {
-												refactor: 新增base.Repo与base.App，重构repo与app层代码

											
										
										
											2023-10-26 17:15:49 +08:00
+										return errorx.PermissionErr
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									}
 									// 权限不为nil，并且permission code不为空，则校验是否有权限code
 									if permission != nil && permission.Code != "" {
-												feature: 每个客户端独立处理后端发送的系统消息

											
										
										
											2023-10-18 15:24:29 +08:00
+										if !permissionCodeRegistry.HasCode(userId, permission.Code) {
-												refactor: 新增base.Repo与base.App，重构repo与app层代码

											
										
										
											2023-10-26 17:15:49 +08:00
+											return errorx.PermissionErr
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+										}
 									}
-												feat: 机器列表新增运行状态 & refactor: 登录账号信息存储与context

											
										
										
											2023-11-07 21:05:21 +08:00
+									rc.MetaCtx = contextx.WithLoginAccount(rc.MetaCtx, &model.LoginAccount{
 										Id:       userId,
 										Username: userName,
 									})
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									return nil
 								}
 								// 保存用户权限code
 								func SavePermissionCodes(userId uint64, codes []string) {
 									permissionCodeRegistry.SaveCodes(userId, codes)
 								}
 								// 删除用户权限code
 								func DeletePermissionCodes(userId uint64) {
 									permissionCodeRegistry.Remove(userId)
 								}
 								// 设置权限code注册器
 								func SetPermissionCodeRegistery(pcr PermissionCodeRegistry) {
 									permissionCodeRegistry = pcr
 								}
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+								func GetPermissionCodeRegistery() PermissionCodeRegistry {
 									return permissionCodeRegistry
 								}
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								type PermissionCodeRegistry interface {
 									// 保存用户权限code
 									SaveCodes(userId uint64, codes []string)
 									// 判断用户是否拥有该code的权限
 									HasCode(userId uint64, code string) bool
 									Remove(userId uint64)
 								}
 								type DefaultPermissionCodeRegistry struct {
 									cache *cache.TimedCache
 								}
 								func (r *DefaultPermissionCodeRegistry) SaveCodes(userId uint64, codes []string) {
 									if r.cache == nil {
-												feat: 完善数据库信息保存以及项目、redis相关操作

											
										
										
											2021-07-28 18:03:19 +08:00
+										r.cache = cache.NewTimedCache(time.Minute*time.Duration(config.Conf.Jwt.ExpireTime), 5*time.Second)
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+									}
 									r.cache.Put(fmt.Sprintf("%v", userId), codes)
 								}
 								func (r *DefaultPermissionCodeRegistry) HasCode(userId uint64, code string) bool {
 									if r.cache == nil {
 										return false
 									}
 									codes, found := r.cache.Get(fmt.Sprintf("%v", userId))
 									if !found {
 										return false
 									}
 									for _, v := range codes.([]string) {
 										if v == code {
 											return true
 										}
 									}
 									return false
 								}
 								func (r *DefaultPermissionCodeRegistry) Remove(userId uint64) {
-												refactor: oauth2登录重构

											
										
										
											2023-07-22 20:51:46 +08:00
+									if r.cache != nil {
 										r.cache.Delete(fmt.Sprintf("%v", userId))
 									}
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+								type RedisPermissionCodeRegistry struct {
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+								func (r *RedisPermissionCodeRegistry) SaveCodes(userId uint64, codes []string) {
-												refactor: code review

											
										
										
											2023-10-20 21:31:46 +08:00
+									rediscli.Set(fmt.Sprintf("mayfly:%v:codes", userId), anyx.ToString(codes), time.Minute*time.Duration(config.Conf.Jwt.ExpireTime))
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+								}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+								func (r *RedisPermissionCodeRegistry) HasCode(userId uint64, code string) bool {
 									str, err := rediscli.Get(fmt.Sprintf("mayfly:%v:codes", userId))
 									if err != nil || str == "" {
 										return false
-												feat: 目录及代码优化调整

											
										
										
											2021-03-24 17:18:39 +08:00
+									}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
 									var codes []string
 									_ = json.Unmarshal([]byte(str), &codes)
 									for _, v := range codes {
 										if v == code {
 											return true
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
+										}
 									}
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+									return false
 								}
-												feat: 增加后端权限控制

											
										
										
											2021-06-09 16:58:57 +08:00
-												feat: 支持redis缓存权限等信息

											
										
										
											2022-12-26 20:53:07 +08:00
+								func (r *RedisPermissionCodeRegistry) Remove(userId uint64) {
 									rediscli.Del(fmt.Sprintf("mayfly:%v:codes", userId))
-												feat: 目录及代码优化调整

											
										
										
											2021-03-24 17:18:39 +08:00
+								}