zoie
/
Cold_Api


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
							package routers

import (
	"Cold_Api/conf"
	"Cold_Api/controllers/lib"
	"Cold_Api/models/Account"
	"fmt"
	"github.com/beego/beego/v2/core/logs"
	"github.com/beego/beego/v2/server/web/context"
	"strings"
)

var (
	version                    = conf.Version
	filterExcludeURLMap        = make(map[string]int) // 不鉴权的URL
	filterOnlyLoginCheckURLMap = make(map[string]int) // 只鉴权登录的URL
)

func init() {
	//初始化配置 不鉴权的URL和只鉴权登录的URL
	logs.Info("=========== 初始化路由筛选信息 =========")

	excludeUrl := conf.FilterExcludeURL
	if len(excludeUrl) > 0 {
		excludeUrlSlice := strings.Split(excludeUrl, ",")
		if len(excludeUrlSlice) > 0 {
			for _, v := range excludeUrlSlice {
				if v == "/docking/Real_Data" || v == "/docking/Note_Data" {
					filterExcludeURLMap[v] = 1
					continue
				}
				filterExcludeURLMap[version+v] = 1
			}
		}
	}
	checkLoginUrl := conf.FilterOnlyLoginCheckURL
	if len(checkLoginUrl) > 0 {
		checkLoginUrlSlice := strings.Split(checkLoginUrl, ",")
		if len(checkLoginUrlSlice) > 0 {
			for _, v := range checkLoginUrlSlice {
				filterOnlyLoginCheckURLMap[version+v] = 1
			}
		}
	}
}

func RBACFilter(ctx *context.Context) {
	//判断URL是否排除
	if _, ok := filterExcludeURLMap[ctx.Request.URL.Path]; ok {
		return
	}
	b_, admin_r := Account.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey"))
	if !b_ {
		ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false)
		return
	}
	//判断是否只验证登录的URL
	if _, ok := filterOnlyLoginCheckURLMap[ctx.Request.URL.Path]; b_ && ok {
		return
	}

	power, _ := Account.Read_Power_ById(admin_r.T_power)

	if power.T_menu == "*" {
		return
	}

	api := Account.Read_API_List_ByPower_Id(power.Id, power.T_menu)
	flag := false
	for _, v := range api {
		if strings.Contains(version+v.T_uri, ctx.Request.URL.Path) {
			flag = true
			break
		}
	}
	if !flag {
		data := lib.JSONS{Code: 202, Msg: "无权访问!"}
		ctx.Output.JSON(data, true, false)
		return
	}

}

// 验证需要T_pid访问的接口
func T_pidFilter(ctx *context.Context) {

	//判断URL是否排除
	if _, ok := filterExcludeURLMap[ctx.Request.URL.Path]; ok {
		return
	}
	//判断是否只验证登录的URL
	if _, ok := filterOnlyLoginCheckURLMap[ctx.Request.URL.Path]; ok {
		return
	}

	GetCookie := ctx.GetCookie("User_tokey")
	GetString := ctx.Input.Query("User_tokey")

	User_tokey := GetCookie
	if len(User_tokey) == 0 {
		User_tokey = GetString
	}
	b_, admin_r := Account.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey"))
	if !b_ {
		ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false)
		return
	}
	T_pid := admin_r.T_pid
	if T_pid == 0 {
		T_pid, _ = Account.Redis_Tokey_T_pid_Get(User_tokey)
	}
	// fixme 如果逻辑正常，不需要做pid验证
	if T_pid == 0 {
		data := lib.JSONS{Code: 202, Msg: "T_pid Err!"}
		ctx.Output.JSON(data, true, false)
	}
	fmt.Println("公司 T_pid 为", T_pid)
}