feat: 增加后端权限控制

server/devops/apis/machine.go

@@ -63,7 +63,8 @@ func (m *Machine) WsSSH(g *gin.Context) {
 		panic(biz.NewBizErr("升级websocket失败"))
 	}
 	// 权限校验
-	if err = ctx.PermissionHandler(ctx.NewReqCtxWithGin(g)); err != nil {
+	rc := ctx.NewReqCtxWithGin(g).WithRequiredPermission(ctx.NewPermission("machine:terminal"))
+	if err = ctx.PermissionHandler(rc); err != nil {
 		panic(biz.NewBizErr("没有权限"))
 	}
 

server/devops/routers/machine_file.go

@@ -22,14 +22,20 @@ func InitMachineFileRouter(router *gin.RouterGroup) {
 
 		// 新增修改机器文件
 		addFileConf := ctx.NewLogInfo("新增机器文件配置")
+		afcP := ctx.NewPermission("machine:file:add")
 		machineFile.POST(":machineId/files", func(c *gin.Context) {
-			ctx.NewReqCtxWithGin(c).WithLog(addFileConf).Handle(mf.SaveMachineFiles)
+			ctx.NewReqCtxWithGin(c).WithLog(addFileConf).
+				WithRequiredPermission(afcP).
+				Handle(mf.SaveMachineFiles)
 		})
 
 		// 删除机器文件
-		delFileConf := ctx.NewLogInfo("新增机器文件配置")
+		delFileConf := ctx.NewLogInfo("删除机器文件配置")
+		dfcP := ctx.NewPermission("machine:file:del")
 		machineFile.DELETE(":machineId/files/:fileId", func(c *gin.Context) {
-			ctx.NewReqCtxWithGin(c).WithLog(delFileConf).Handle(mf.DeleteFile)
+			ctx.NewReqCtxWithGin(c).WithLog(delFileConf).
+				WithRequiredPermission(dfcP).
+				Handle(mf.DeleteFile)
 		})
 
 		getContent := ctx.NewLogInfo("读取机器文件内容")
@@ -45,21 +51,27 @@ func InitMachineFileRouter(router *gin.RouterGroup) {
 		})
 
 		writeFile := ctx.NewLogInfo("写入or下载文件内容")
+		wfP := ctx.NewPermission("machine:file:write")
 		machineFile.POST(":machineId/files/:fileId/write", func(c *gin.Context) {
-			rc := ctx.NewReqCtxWithGin(c).WithLog(writeFile)
-			rc.Handle(mf.WriteFileContent)
+			ctx.NewReqCtxWithGin(c).WithLog(writeFile).
+				WithRequiredPermission(wfP).
+				Handle(mf.WriteFileContent)
 		})
 
 		uploadFile := ctx.NewLogInfo("文件上传")
+		ufP := ctx.NewPermission("machine:file:upload")
 		machineFile.POST(":machineId/files/:fileId/upload", func(c *gin.Context) {
-			rc := ctx.NewReqCtxWithGin(c).WithLog(uploadFile)
-			rc.Handle(mf.UploadFile)
+			ctx.NewReqCtxWithGin(c).WithLog(uploadFile).
+				WithRequiredPermission(ufP).
+				Handle(mf.UploadFile)
 		})
 
 		removeFile := ctx.NewLogInfo("删除文件or文件夹")
+		rfP := ctx.NewPermission("machine:file:rm")
 		machineFile.DELETE(":machineId/files/:fileId/remove", func(c *gin.Context) {
-			rc := ctx.NewReqCtxWithGin(c).WithLog(removeFile)
-			rc.Handle(mf.RemoveFile)
+			ctx.NewReqCtxWithGin(c).WithLog(removeFile).
+				WithRequiredPermission(rfP).
+				Handle(mf.RemoveFile)
 		})
 	}
 }

server/devops/routers/machine_script.go

@@ -21,24 +21,30 @@ func InitMachineScriptRouter(router *gin.RouterGroup) {
 		})
 
 		saveMachienScriptLog := ctx.NewLogInfo("保存脚本")
+		smsP := ctx.NewPermission("machine:script:save")
 		// 保存脚本
 		machines.POST(":machineId/scripts", func(c *gin.Context) {
-			rc := ctx.NewReqCtxWithGin(c).WithLog(saveMachienScriptLog)
-			rc.Handle(ms.SaveMachineScript)
+			ctx.NewReqCtxWithGin(c).WithLog(saveMachienScriptLog).
+				WithRequiredPermission(smsP).
+				Handle(ms.SaveMachineScript)
 		})
 
 		deleteLog := ctx.NewLogInfo("删除脚本")
+		dP := ctx.NewPermission("machine:script:del")
 		// 保存脚本
 		machines.DELETE(":machineId/scripts/:scriptId", func(c *gin.Context) {
-			rc := ctx.NewReqCtxWithGin(c).WithLog(deleteLog)
-			rc.Handle(ms.DeleteMachineScript)
+			ctx.NewReqCtxWithGin(c).WithLog(deleteLog).
+				WithRequiredPermission(dP).
+				Handle(ms.DeleteMachineScript)
 		})
 
 		runLog := ctx.NewLogInfo("执行机器脚本")
+		rP := ctx.NewPermission("machine:script:run")
 		// 运行脚本
 		machines.GET(":machineId/scripts/:scriptId/run", func(c *gin.Context) {
-			rc := ctx.NewReqCtxWithGin(c).WithLog(runLog)
-			rc.Handle(ms.RunMachineScript)
+			ctx.NewReqCtxWithGin(c).WithLog(runLog).
+				WithRequiredPermission(rP).
+				Handle(ms.RunMachineScript)
 		})
 	}
 }