
package middleware
import (
"net/http"
"gofaster/internal/auth/repository"
"gofaster/internal/auth/service"
"github.com/gin-gonic/gin"
"gorm.io/gorm"
)
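// PermissionMiddleware returns a gin middleware that lets the request
// through only when the authenticated user is allowed to perform action on
// resource.
//
// The user ID is read from the context key "user_id" (populated by an
// upstream authentication middleware) and must be a uint. A missing or
// mistyped ID aborts with 401; a failed permission lookup aborts with 500
// (fail closed, no detail in the body); a denied permission aborts with 403.
// On success the handler chain continues.
//
// The repositories and the permission service are built once, when the
// middleware is created, instead of on every request. NOTE(review): this
// assumes the repository/service constructors are side-effect-free wrappers
// around db and safe to share between requests — confirm against their
// definitions.
func PermissionMiddleware(db *gorm.DB, resource, action string) gin.HandlerFunc {
	permissionService := service.NewPermissionService(
		repository.NewPermissionRepository(db),
		repository.NewRoleRepository(db),
	)

	return func(c *gin.Context) {
		// "user_id" must have been set by the authentication middleware.
		raw, exists := c.Get("user_id")
		if !exists {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "用户未认证"})
			return
		}
		userID, ok := raw.(uint)
		if !ok {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "无效的用户ID"})
			return
		}

		allowed, err := permissionService.CheckUserResourcePermission(c.Request.Context(), userID, resource, action)
		if err != nil {
			// Fail closed: a lookup error never grants access, and the error
			// detail is kept out of the response body.
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "权限检查失败"})
			return
		}
		if !allowed {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "权限不足"})
			return
		}
		c.Next()
	}
}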
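// ResourcePermissionMiddleware returns a gin middleware that derives the
// resource and action from the request itself and checks that the
// authenticated user may perform that action on that resource.
//
// The resource is the ":resource" route parameter when present, otherwise
// the raw request path (c.Request.URL.Path). The action is the HTTP method.
// Status codes match PermissionMiddleware: 401 for a missing or mistyped
// "user_id", 500 when the lookup fails (fail closed), 403 when denied.
//
// NOTE(review): the path fallback keys the check on the client-supplied
// path, which carries concrete path-parameter values and any trailing
// slash, so it is not the matched route pattern (c.FullPath()). Confirm
// which form the permission store uses before relying on this fallback.
//
// The repositories and the permission service are built once, when the
// middleware is created, instead of on every request. NOTE(review): this
// assumes the constructors are side-effect-free wrappers around db —
// confirm against their definitions.
func ResourcePermissionMiddleware(db *gorm.DB) gin.HandlerFunc {
	permissionService := service.NewPermissionService(
		repository.NewPermissionRepository(db),
		repository.NewRoleRepository(db),
	)

	return func(c *gin.Context) {
		// "user_id" must have been set by the authentication middleware.
		raw, exists := c.Get("user_id")
		if !exists {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "用户未认证"})
			return
		}
		userID, ok := raw.(uint)
		if !ok {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "无效的用户ID"})
			return
		}

		// Prefer the explicit route parameter; fall back to the raw path.
		// An empty path leaves resource empty and the check below decides.
		resource := c.Param("resource")
		if resource == "" {
			resource = c.Request.URL.Path
		}
		// The HTTP method doubles as the action being authorized.
		action := c.Request.Method

		allowed, err := permissionService.CheckUserResourcePermission(c.Request.Context(), userID, resource, action)
		if err != nil {
			// Fail closed: a lookup error never grants access, and the error
			// detail is kept out of the response body.
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "权限检查失败"})
			return
		}
		if !allowed {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "权限不足"})
			return
		}
		c.Next()
	}
}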
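// RoleMiddleware returns a gin middleware that lets the request through only
// when the authenticated user holds at least one of requiredRoles, matched
// against each role's Code field.
//
// With no requiredRoles every request is rejected with 403: the check is
// deliberately fail-closed rather than a no-op. Status codes: 401 for a
// missing or mistyped "user_id", 500 when the user's roles cannot be loaded
// (fail closed), 403 when none of the roles match.
//
// The required role codes are copied into a set when the middleware is
// built, so later mutation of the caller's slice cannot change the check
// and the per-request match is a map lookup rather than a nested loop. The
// role service is likewise built once. NOTE(review): this assumes the
// repository/service constructors are side-effect-free wrappers around db —
// confirm against their definitions.
func RoleMiddleware(db *gorm.DB, requiredRoles ...string) gin.HandlerFunc {
	allowed := make(map[string]struct{}, len(requiredRoles))
	for _, code := range requiredRoles {
		allowed[code] = struct{}{}
	}
	roleService := service.NewRoleService(repository.NewRoleRepository(db))

	return func(c *gin.Context) {
		// "user_id" must have been set by the authentication middleware.
		raw, exists := c.Get("user_id")
		if !exists {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "用户未认证"})
			return
		}
		userID, ok := raw.(uint)
		if !ok {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "无效的用户ID"})
			return
		}

		userRoles, err := roleService.GetUserRoles(c.Request.Context(), userID)
		if err != nil {
			// Fail closed: an unreadable role set never grants access.
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "获取用户角色失败"})
			return
		}

		hasRequiredRole := false
		for _, role := range userRoles {
			if _, found := allowed[role.Code]; found {
				hasRequiredRole = true
				break
			}
		}
		if !hasRequiredRole {
			c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"error": "角色权限不足"})
			return
		}
		c.Next()
	}
}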
// AdminMiddleware returns a gin middleware that admits users holding the
// "SUPER_ADMIN" or the "ADMIN" role. It is a thin wrapper around
// RoleMiddleware, whose status codes (401/500/403) apply unchanged.
func AdminMiddleware(db *gorm.DB) gin.HandlerFunc {
	adminRoles := []string{"SUPER_ADMIN", "ADMIN"}
	return RoleMiddleware(db, adminRoles...)
}
// SuperAdminMiddleware returns a gin middleware that admits only users
// holding the "SUPER_ADMIN" role. It is a thin wrapper around
// RoleMiddleware, whose status codes (401/500/403) apply unchanged.
func SuperAdminMiddleware(db *gorm.DB) gin.HandlerFunc {
	const superAdminRole = "SUPER_ADMIN"
	return RoleMiddleware(db, superAdminRole)
}