package middleware import ( "regexp" "strings" "github.com/gin-gonic/gin" "go.uber.org/zap" "joylink.club/bj-rtsts-server/db/model" "joylink.club/bj-rtsts-server/dto" "joylink.club/bj-rtsts-server/service" ) // 用户权限缓存 var userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto) var PermissMiddleware = permissionMiddleware() // 权限验证信息0 func permissionMiddleware() gin.HandlerFunc { return func(c *gin.Context) { user, _ := c.Get(IdentityKey) if user == nil { // 用户未登录 c.Next() return } uid := user.(*model.User).ID userAuth := userAuthPathMap[uid] if userAuth == nil { userAuthPathMap[uid] = service.QueryUserAuthApiPath(uid) userAuth = userAuthPathMap[uid] } if userAuth.IsAdmin { // 用户是超级管理员 c.Next() return } path, method := c.Request.URL.Path, c.Request.Method if validateUserPath(path, method, userAuth.AuthPaths) { // 用户有权限 c.Next() return } zap.S().Errorf("无权限操作请求路径:%s, 方法:%s", path, method) panic(dto.ErrorDto{Code: dto.NoAuthOperationError, Message: "无权限操作"}) } } // 验证路径 func validateUserPath(path, method string, paths []*dto.AuthPath) bool { for _, p := range paths { if p.Method != "*" && !strings.Contains(p.Method, method) { // 判断方法是否匹配 continue } if p.Path == path { return true } authReg, _ := regexp.Compile(p.Path) if authReg.MatchString(path) { // 匹配路径 return true } } return false } // 重新登录时移除权限 func ClearUserPermission(userId int32) { delete(userAuthPathMap, userId) } // 修改角色后清理用户权限 func ClearUserPermissionByRid(roleId int32) { var uids []int32 for uid, u := range userAuthPathMap { for _, r := range u.RoleIds { if r == roleId { uids = append(uids, uid) break } } } if len(uids) == 0 { return } for _, uid := range uids { ClearUserPermission(uid) } }