filter.go 2.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
  1. package routers
  2. import (
  3. "ERP_storage/Nats/NatsServer"
  4. "ERP_storage/conf"
  5. "ERP_storage/logs"
  6. "ERP_storage/models/Account"
  7. powerlibs "git.baozhida.cn/ERP_libs/Power"
  8. "git.baozhida.cn/ERP_libs/lib"
  9. "github.com/beego/beego/v2/adapter/orm"
  10. "github.com/beego/beego/v2/server/web/context"
  11. "strings"
  12. )
  13. var (
  14. filterExcludeURLMap = make(map[string]int) // 不鉴权的URL
  15. filterOnlyLoginCheckURLMap = make(map[string]int) // 只鉴权登录的URL
  16. )
  17. func init() {
  18. //初始化配置 不鉴权的URL和只鉴权登录的URL
  19. logs.Println("=========== 初始化路由筛选信息 =========")
  20. excludeUrl := conf.FilterExcludeURL
  21. if len(excludeUrl) > 0 {
  22. excludeUrlSlice := strings.Split(excludeUrl, ",")
  23. if len(excludeUrlSlice) > 0 {
  24. for _, v := range excludeUrlSlice {
  25. filterExcludeURLMap[v] = 1
  26. }
  27. }
  28. }
  29. checkLoginUrl := conf.FilterOnlyLoginCheckURL
  30. if len(checkLoginUrl) > 0 {
  31. checkLoginUrlSlice := strings.Split(checkLoginUrl, ",")
  32. if len(checkLoginUrlSlice) > 0 {
  33. for _, v := range checkLoginUrlSlice {
  34. filterOnlyLoginCheckURLMap[v] = 1
  35. }
  36. }
  37. }
  38. }
  39. func RBACFilter(ctx *context.Context) {
  40. //判断URL是否排除
  41. if _, ok := filterExcludeURLMap[ctx.Request.URL.Path]; ok {
  42. return
  43. }
  44. user_r, err := NatsServer.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey"))
  45. if err != nil {
  46. ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false)
  47. return
  48. }
  49. Account.User_r = &user_r
  50. //判断是否只验证登录的URL
  51. if _, ok := filterOnlyLoginCheckURLMap[ctx.Request.URL.Path]; ok {
  52. return
  53. }
  54. o := orm.NewOrm()
  55. powerDao := powerlibs.NewPower(o)
  56. power, err := powerDao.Read_Power_ByT_id(user_r.T_power)
  57. if err != nil {
  58. data := lib.JSONS{Code: 202, Msg: "无权访问!"}
  59. ctx.Output.JSON(data, true, false)
  60. return
  61. }
  62. if power.T_menu == "*" {
  63. return
  64. }
  65. api := Account.Read_API_List_ByPower(power.T_id, power.T_menu)
  66. flag := false
  67. for _, v := range api {
  68. if v.T_uri == ctx.Request.URL.Path {
  69. flag = true
  70. break
  71. }
  72. }
  73. if !flag {
  74. data := lib.JSONS{Code: 202, Msg: "无权访问!"}
  75. ctx.Output.JSON(data, true, false)
  76. return
  77. }
  78. }