package routers import ( "ERP_salary/Nats/NatsServer" "ERP_salary/conf" "ERP_salary/logs" "ERP_salary/models/Account" powerlibs "git.baozhida.cn/ERP_libs/Power" "git.baozhida.cn/ERP_libs/lib" "github.com/beego/beego/v2/adapter/orm" "github.com/beego/beego/v2/server/web/context" "strings" ) var ( filterExcludeURLMap = make(map[string]int) // 不鉴权的URL filterOnlyLoginCheckURLMap = make(map[string]int) // 只鉴权登录的URL ) func init() { //初始化配置 不鉴权的URL和只鉴权登录的URL logs.Println("=========== 初始化路由筛选信息 =========") excludeUrl := conf.FilterExcludeURL if len(excludeUrl) > 0 { excludeUrlSlice := strings.Split(excludeUrl, ",") if len(excludeUrlSlice) > 0 { for _, v := range excludeUrlSlice { filterExcludeURLMap[v] = 1 } } } checkLoginUrl := conf.FilterOnlyLoginCheckURL if len(checkLoginUrl) > 0 { checkLoginUrlSlice := strings.Split(checkLoginUrl, ",") if len(checkLoginUrlSlice) > 0 { for _, v := range checkLoginUrlSlice { filterOnlyLoginCheckURLMap[v] = 1 } } } } func RBACFilter(ctx *context.Context) { //判断URL是否排除 if _, ok := filterExcludeURLMap[ctx.Request.URL.Path]; ok { return } user_r, err := NatsServer.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey")) if err != nil { ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false) return } Account.User_r = &user_r //判断是否只验证登录的URL if _, ok := filterOnlyLoginCheckURLMap[ctx.Request.URL.Path]; ok { return } o := orm.NewOrm() powerDao := powerlibs.NewPower(o) power, err := powerDao.Read_Power_ByT_id(user_r.T_power) if err != nil { data := lib.JSONS{Code: 202, Msg: "获取权限失败!"} ctx.Output.JSON(data, true, false) return } if power.T_menu == "*" { return } api := Account.Read_API_List_ByPower(power.T_id, power.T_menu) flag := false for _, v := range api { if v.T_uri == ctx.Request.URL.Path { flag = true break } } if !flag { data := lib.JSONS{Code: 202, Msg: "无权访问!"} ctx.Output.JSON(data, true, false) return } }