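// Package routers holds the request filter that enforces login and per-URL
// permission checks.
package routers

import (
	"strings"

	"ERP_user/conf"
	"ERP_user/logs"
	"ERP_user/models/Account"

	"git.baozhida.cn/ERP_libs/lib"
	"github.com/beego/beego/v2/server/web/context"
)

var (
	// filterExcludeURLMap holds the URL paths that RBACFilter lets through
	// without any authentication.
	filterExcludeURLMap = make(map[string]int)
	// filterOnlyLoginCheckURLMap holds the URL paths that require a valid login
	// but skip the per-API permission check.
	filterOnlyLoginCheckURLMap = make(map[string]int)
)

// addURLs splits a comma-separated list of URL paths and records each entry
// in dst.
//
// Entries are trimmed, so "a, b" registers "b" rather than " b", which would
// never equal a request path. Empty entries (from an empty setting or a stray
// comma) are skipped so that the unauthenticated list never contains the
// empty path.
func addURLs(dst map[string]int, raw string) {
	for _, entry := range strings.Split(raw, ",") {
		path := strings.TrimSpace(entry)
		if path == "" {
			continue
		}
		dst[path] = 1
	}
}

// init loads the two URL lists from configuration: paths that skip
// authentication and paths that only require a login.
func init() {
	logs.Println("=========== 初始化路由筛选信息 =========")
	addURLs(filterExcludeURLMap, conf.FilterExcludeURL)
	addURLs(filterOnlyLoginCheckURLMap, conf.FilterOnlyLoginCheckURL)
}

// RBACFilter authenticates the request and checks that the caller's role may
// access the requested URL path.
//
// Decision order:
//  1. Paths in filterExcludeURLMap pass without any check.
//  2. Otherwise the "User_tokey" value must verify; if not, a JSON body with
//     Code 201 is written and the filter returns.
//  3. Paths in filterOnlyLoginCheckURLMap pass once the login is verified.
//  4. A role whose T_menu is "*" passes for every path.
//  5. Otherwise the path must equal the T_uri of one of the role's APIs; if
//     none matches, a JSON body with Code 202 is written.
//
// All path comparisons are exact string matches on ctx.Request.URL.Path.
// NOTE(review): confirm the router matches paths the same way (case,
// trailing slash); a path the router accepts but that differs from a
// configured entry is treated here as a different URL.
func RBACFilter(ctx *context.Context) {
	path := ctx.Request.URL.Path

	// Unauthenticated allow-list.
	if _, excluded := filterExcludeURLMap[path]; excluded {
		return
	}

	// The token is read from both the cookie and the query string.
	// NOTE(review): a session token carried in the URL is recorded in access
	// logs, proxy logs and Referer headers; prefer the cookie (or a header)
	// and consider retiring the query parameter once clients allow it.
	loggedIn, admin := Account.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey"))
	if !loggedIn {
		ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false)
		return
	}

	// Login-only paths need no permission lookup.
	if _, loginOnly := filterOnlyLoginCheckURLMap[path]; loginOnly {
		return
	}

	// NOTE(review): the second result of Read_Power_ByT_id is discarded. If
	// the lookup fails, the code continues with whatever value it returned;
	// confirm that this is an empty role (T_menu != "*", no APIs) so the
	// request is denied below, or check the result explicitly and deny.
	power, _ := Account.Read_Power_ByT_id(admin.T_power)
	if power.T_menu == "*" {
		return
	}

	for _, api := range Account.Read_API_List_ByPower(power.T_id, power.T_menu) {
		if api.T_uri == path {
			return
		}
	}

	// No API entry matched: deny.
	ctx.Output.JSON(lib.JSONS{Code: 202, Msg: "无权访问!"}, true, false)
}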