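package middleware

import (
	"context"
	"net/http"

	"gofaster/internal/auth/repository"
	"gofaster/internal/auth/service"

	"github.com/gin-gonic/gin"
	"gorm.io/gorm"
)

// userIDKey is the gin context key under which an upstream authentication
// middleware is expected to have stored the caller's user ID. None of the
// middlewares in this file validate credentials themselves; they only consume
// this value.
const userIDKey = "user_id"

// resourcePermissionChecker is the slice of the permission service these
// middlewares depend on: a single yes/no lookup for (user, resource, action).
type resourcePermissionChecker interface {
	CheckUserResourcePermission(ctx context.Context, userID uint, resource, action string) (bool, error)
}

// currentUserID reads the authenticated user's ID from the gin context.
//
// It aborts the request with 401 and returns ok == false when no ID is
// present or when the stored value is not a uint; callers must return
// immediately in that case without calling c.Next(). Only a uint is accepted
// (any other integer type is rejected as "无效的用户ID"), so the authentication
// middleware must store the ID with exactly that type.
func currentUserID(c *gin.Context) (userID uint, ok bool) {
	raw, exists := c.Get(userIDKey)
	if !exists {
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "用户未认证"})
		return 0, false
	}
	userID, ok = raw.(uint)
	if !ok {
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "无效的用户ID"})
		return 0, false
	}
	return userID, true
}

// authorizeResource asks checker whether userID may perform action on resource.
//
// A lookup error aborts the request with 500, a negative answer with 403; in
// both cases false is returned and the caller must not call c.Next(). The
// request context is passed through so the lookup is cancelled with the
// request.
func authorizeResource(c *gin.Context, checker resourcePermissionChecker, userID uint, resource, action string) bool {
	allowed, err := checker.CheckUserResourcePermission(c.Request.Context(), userID, resource, action)
	if err != nil {
		// Fail closed on lookup errors: an unanswerable check is a denial.
		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "权限检查失败"})
		return false
	}
	if !allowed {
		c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "权限不足"})
		return false
	}
	return true
}

// PermissionMiddleware 权限检查中间件.
//
// PermissionMiddleware returns a handler that allows the request through only
// when the authenticated user holds permission for the fixed (resource,
// action) pair supplied at construction time. Responses: 401 when no valid
// user ID is in the context, 500 when the permission lookup fails, 403 when
// the user lacks the permission.
func PermissionMiddleware(db *gorm.DB, resource, action string) gin.HandlerFunc {
	// Wire the service once per middleware instance rather than per request;
	// the repositories are constructed from the shared *gorm.DB handle only
	// (assumed to carry no per-request state — confirm against the
	// repository package).
	permissionService := service.NewPermissionService(
		repository.NewPermissionRepository(db),
		repository.NewRoleRepository(db),
	)
	return func(c *gin.Context) {
		userID, ok := currentUserID(c)
		if !ok {
			return
		}
		if !authorizeResource(c, permissionService, userID, resource, action) {
			return
		}
		c.Next()
	}
}

// ResourcePermissionMiddleware 资源权限检查中间件(从URL参数获取资源信息).
//
// ResourcePermissionMiddleware returns a handler that derives the resource
// from the request: the ":resource" route parameter when the route declares
// one, otherwise the raw request path. The HTTP method is used as the action.
// Responses follow PermissionMiddleware; additionally the request is denied
// with 403 when no resource identifier can be derived at all.
func ResourcePermissionMiddleware(db *gorm.DB) gin.HandlerFunc {
	permissionService := service.NewPermissionService(
		repository.NewPermissionRepository(db),
		repository.NewRoleRepository(db),
	)
	return func(c *gin.Context) {
		userID, ok := currentUserID(c)
		if !ok {
			return
		}
		resource := c.Param("resource")
		if resource == "" {
			// NOTE(review): the raw path is client-supplied and not canonicalised
			// here (trailing slashes, percent-encoding and embedded IDs all vary),
			// so permission records keyed on it must anticipate those variants.
			// The matched route pattern (c.FullPath()) would be a more stable
			// key, but switching changes the lookup key for existing records and
			// needs a data review first.
			resource = c.Request.URL.Path
		}
		if resource == "" {
			// Fail closed: with no resource identifier there is nothing to
			// authorise against, so do not consult the permission service.
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "权限不足"})
			return
		}
		if !authorizeResource(c, permissionService, userID, resource, c.Request.Method) {
			return
		}
		c.Next()
	}
}

// RoleMiddleware 角色检查中间件.
//
// RoleMiddleware returns a handler that allows the request through only when
// the authenticated user holds at least one role whose Code is in
// requiredRoles. With an empty requiredRoles every request is denied with 403
// (fail closed). Responses: 401 when no valid user ID is in the context, 500
// when the user's roles cannot be loaded, 403 when none of them match.
func RoleMiddleware(db *gorm.DB, requiredRoles ...string) gin.HandlerFunc {
	// Build the lookup set once so each request is a single pass over the
	// user's roles instead of a nested scan.
	required := make(map[string]struct{}, len(requiredRoles))
	for _, code := range requiredRoles {
		required[code] = struct{}{}
	}
	roleService := service.NewRoleService(repository.NewRoleRepository(db))
	return func(c *gin.Context) {
		userID, ok := currentUserID(c)
		if !ok {
			return
		}
		userRoles, err := roleService.GetUserRoles(c.Request.Context(), userID)
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "获取用户角色失败"})
			return
		}
		allowed := false
		for _, userRole := range userRoles {
			if _, match := required[userRole.Code]; match {
				allowed = true
				break
			}
		}
		if !allowed {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "角色权限不足"})
			return
		}
		c.Next()
	}
}

// AdminMiddleware 管理员权限中间件.
//
// AdminMiddleware accepts users holding either the SUPER_ADMIN or the ADMIN
// role.
func AdminMiddleware(db *gorm.DB) gin.HandlerFunc {
	return RoleMiddleware(db, "SUPER_ADMIN", "ADMIN")
}

// SuperAdminMiddleware 超级管理员权限中间件.
//
// SuperAdminMiddleware accepts only users holding the SUPER_ADMIN role.
func SuperAdminMiddleware(db *gorm.DB) gin.HandlerFunc {
	return RoleMiddleware(db, "SUPER_ADMIN")
}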