yjp 3 недель назад
Родитель
Сommit
655145c9b7

+ 3 - 83
gateway/middleware/auth.go

@@ -31,7 +31,9 @@ func Authentication() gateway.Handler {
 		requestBuilder.Post(&gateway.PostRequest{
 			Url: config.GetGatewayConfig().ServicesConfig.UMBaseUrl + "/utm/api/v1/checkToken",
 			Body: map[string]any{
-				"token": token,
+				"token":    token,
+				"resource": c.FullPath(),
+				"action":   c.Request.Method,
 			},
 		}).ResponseSuccessCallback(func(c *gateway.RequestBuilderContext) {
 			userID, ok := c.GetResultMapValue("userId").(string)
@@ -44,88 +46,6 @@ func Authentication() gateway.Handler {
 			}
 		}).Request()
 
-		currentTenant, err := ngumInner.GetUserCurrentTenant(umCheckResult.UserID)
-		if err != nil {
-			fslog.Error(err)
-			respFunc(c, http.StatusUnauthorized, map[string]any{
-				"code":        ErrGetCurOrg.Code(),
-				"accessToken": "",
-			}, ErrGetCurOrg)
-			c.Abort()
-			return
-		}
-
-		tangentSimpleUserInfo := new(mbum_resp.TangentUserProfileInfo)
-		tenantStatus := new(ngtm_resp.TenantStatus)
-		if currentTenant.ID != "" {
-			tenantStatus, err = ngtmInner.GetTenantStatus(currentTenant.ID)
-			if err != nil {
-				fslog.Error(err)
-				respFunc(c, http.StatusUnauthorized, map[string]any{
-					"code":        ErrGetCurOrg.Code(),
-					"accessToken": "",
-				}, ErrGetCurOrgUserInfo)
-				c.Abort()
-				return
-			}
-
-			tangentSimpleUserInfo, err = ngumInner.GetTenantUserProfileSimpleByID(currentTenant.ID, umCheckResult.UserID)
-			if err != nil {
-				fslog.Error(err)
-				respFunc(c, http.StatusUnauthorized, map[string]any{
-					"code":        ErrGetCurOrg.Code(),
-					"accessToken": "",
-				}, ErrGetCurOrgUserInfo)
-				c.Abort()
-				return
-			}
-		}
-
-		// 2.使用新的uas 直接根据用户id和访问资源信息判断是否有权限。
-		authInfo, err := uasV1.Authentication(&uasV1Req.AuthenticationJsonBody{
-			TenantID:       currentTenant.ID,
-			UserID:         umCheckResult.UserID,
-			Namespace:      global.Namespace,
-			Resource:       c.FullPath(),
-			Action:         c.Request.Method,
-			IsExpireStatus: tenantStatus.IsExpireStatus,
-		})
-		if err != nil {
-			fslog.Error(err)
-			respFunc(c, http.StatusUnauthorized, map[string]any{
-				"code":        ErrAuth.Code(),
-				"accessToken": "",
-			}, ErrAuth)
-			c.Abort()
-			return
-		}
-
-		if authInfo != nil && !authInfo.Pass {
-			fslog.Error(fmt.Errorf("path:%s,method:%s", c.Request.URL.Path, c.Request.Method))
-			respFunc(c, http.StatusUnauthorized, map[string]any{
-				"code":        ErrNoPermission.Code(),
-				"accessToken": "",
-			}, ErrNoPermission)
-			c.Abort()
-			return
-		}
-
-		// 组合角色
-		roles := make([]RoleInfo, 0)
-		for _, sysRole := range authInfo.SysRoles {
-			roles = append(roles, RoleInfo{
-				ID:   sysRole.ID,
-				Name: sysRole.Name,
-			})
-
-		}
-		for _, tangentRole := range authInfo.TenantRoles {
-			roles = append(roles, RoleInfo{
-				ID:   tangentRole.ID,
-				Name: tangentRole.Name,
-			})
-		}
-
 		c.SetUserInfo(&UserInfoWithRoles{
 			ID:                 umCheckResult.UserID,
 			UserName:           umCheckResult.UserName,

+ 20 - 0
utm/application/domain/auth/info.go

@@ -0,0 +1,20 @@
+package auth
+
+type AuthenticationResult struct {
+	TenantID   string `json:"tenantId"`
+	TenantName string `json:"tenantName"`
+	UserID     string `json:"userId"`
+	UserName   string `json:"userName"`
+	Roles      []Role `json:"roles"`
+}
+
+type Role struct {
+	ID          string       `json:"id"`
+	Name        string       `json:"name"`
+	Permissions []Permission `json:"permissions"`
+}
+
+type Permission struct {
+	Resource string `json:"resource"`
+	Action   string `json:"action"`
+}
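Review bot: The three new exported types carry no doc comments, and `AuthenticationResult` stutters when used as `auth.AuthenticationResult` in the service file. Suggested comments: `// AuthenticationResult is the payload returned under "result" by the UTM auth endpoint: the caller's tenant, user and the roles that were granted.`, `// Role is a named role with the exact (resource, action) pairs it grants.`, and `// Permission is one resource/action pair, matched by string equality against the request's route path and HTTP method.`. Renaming to `auth.Result` would follow the no-stutter convention but also touches the service file.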

+ 3 - 1
utm/application/domain/auth/request_params.go

@@ -7,6 +7,8 @@ type (
 	}
 
 	CheckTokenJsonBody struct {
-		Token string `json:"token" binding:"required"`
+		Token    string `json:"token" binding:"required"`
+		Resource string `json:"resource" binding:"required"`
+		Action   string `json:"action" binding:"required"`
 	}
 )

+ 47 - 9
utm/application/service/auth.go

@@ -4,6 +4,7 @@ import (
 	"baize_scaffold/utm/application/domain/auth"
 	"baize_scaffold/utm/data_loader"
 	"baize_scaffold/utm/tools"
+	"fmt"
 
 	"git.sxidc.com/go-framework/baize/framework/binding"
 	"git.sxidc.com/go-framework/baize/framework/core/api"
@@ -67,15 +68,12 @@ func (svc *AuthService) v1(appInstance *application.App) {
 	v1Binder := binding.NewBinder(appInstance.ChooseRouter(api.RouterPrefix, "v1"), nil)
 
 	binding.PostBind(v1Binder, &binding.SimpleBindItem[map[string]any]{
-		Path:             "/checkToken",
+		Path:             "/auth",
 		SendResponseFunc: response.SendMapResponse,
 		RequestParams:    &auth.CheckTokenJsonBody{},
 		ServiceFunc: func(c *api.Context, params request.Params, objects []domain.Object, i *infrastructure.Infrastructure) (map[string]any, error) {
 			errResponse := map[string]any{
-				"tenantId":   "",
-				"tenantName": "",
-				"userId":     "",
-				"userName":   "",
+				"result": &auth.AuthenticationResult{},
 			}
 
 			jsonBody, err := request.ToConcrete[*auth.CheckTokenJsonBody](params)
@@ -102,11 +100,51 @@ func (svc *AuthService) v1(appInstance *application.App) {
 				return errResponse, err
 			}
 
+			roles, err := data_loader.GetDataLoader().GetRolesByIDs(user.RoleIDs)
+			if err != nil {
+				return errResponse, err
+			}
+
+			find := false
+			for _, role := range roles {
+				for _, permission := range role.Permissions {
+					if permission.Resource == jsonBody.Resource && permission.Action == jsonBody.Action {
+						find = true
+						break
+					}
+				}
+			}
+
+			if !find {
+				return errResponse, errors.New(fmt.Sprintf("用户无权限: Resource: %s, Action: %s",
+					jsonBody.Resource, jsonBody.Action))
+			}
+
+			resultRoles := make([]auth.Role, 0)
+			for _, role := range roles {
+				resultRolePermissions := make([]auth.Permission, 0)
+				for _, permission := range role.Permissions {
+					resultRolePermissions = append(resultRolePermissions, auth.Permission{
+						Resource: permission.Resource,
+						Action:   permission.Action,
+					})
+				}
+
+				resultRoles = append(resultRoles, auth.Role{
+					ID:          role.ID,
+					Name:        role.Name,
+					Permissions: resultRolePermissions,
+				})
+			}
+
 			return map[string]any{
-				"tenantId":   tenant.ID,
-				"tenantName": tenant.Name,
-				"userId":     user.ID,
-				"userName":   user.UserName,
+				"result": &auth.AuthenticationResult{
+					TenantID:   tenant.ID,
+					TenantName: tenant.Name,
+					UserID:     user.ID,
+					UserName:   user.UserName,
+					Roles:      resultRoles,
+				},
 			}, nil
 		},
 	})
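Review bot: `errors.New(fmt.Sprintf(...))` on the denial branch is the S1028 pattern and should be `fmt.Errorf("用户无权限: Resource: %s, Action: %s", jsonBody.Resource, jsonBody.Action)`; note the hunk adds the `fmt` import but the `errors` import is not visible here, so confirm it already exists. The `break` in the permission scan only leaves the inner loop, so every remaining role is still walked after a match; a small helper with an early return reads more clearly and makes the authorization rule (exact match of resource and action, any role suffices) a single named unit. Denial and the earlier lookup failures both come back as a plain `error` through the same return, so unless SendMapResponse maps error types the caller cannot tell "no permission" from "user not found"; a sentinel error checked with errors.Is would keep those distinguishable. The enclosing method v1 continues past the end of this hunk.
```go
			// … unchanged: user/tenant lookup and GetRolesByIDs call …
			if !hasPermission(roles, jsonBody.Resource, jsonBody.Action) {
				return errResponse, fmt.Errorf("用户无权限: Resource: %s, Action: %s",
					jsonBody.Resource, jsonBody.Action)
			}
			// … unchanged: resultRoles construction and return …

// hasPermission reports whether any of roles grants exactly (resource, action).
// Placed at file scope next to the service type.
func hasPermission(roles []data_loader.Role, resource, action string) bool {
	for _, role := range roles {
		for _, permission := range role.Permissions {
			if permission.Resource == resource && permission.Action == action {
				return true
			}
		}
	}
	return false
}
```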

+ 18 - 0
utm/data_loader/data_loader.go

@@ -149,3 +149,21 @@ func (d *DataLoader) GetTenantByID(tenantID string) (Tenant, error) {
 
 	return Tenant{}, nil
 }
+
+func (d *DataLoader) GetRolesByIDs(roleIDs []string) ([]Role, error) {
+	roles := make([]Role, 0)
+
+	if roleIDs == nil || len(roleIDs) == 0 {
+		return roles, nil
+	}
+
+	for _, roleID := range roleIDs {
+		for _, role := range d.Roles {
+			if role.ID == roleID {
+				roles = append(roles, role)
+			}
+		}
+	}
+
+	return roles, nil
+}
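Review bot: The guard `roleIDs == nil || len(roleIDs) == 0` can be just `len(roleIDs) == 0` (len of a nil slice is 0), and the nested loop does len(roleIDs)×len(d.Roles) comparisons and returns one copy of a role per occurrence of its ID in roleIDs. Collecting the wanted IDs into a set and scanning d.Roles once is linear and deduplicates; it returns roles in d.Roles order rather than roleIDs order, which the only caller visible in this commit (the permission scan in the service file) does not depend on. Whether d.Roles needs a lock for concurrent reads cannot be seen from this hunk.
```go
func (d *DataLoader) GetRolesByIDs(roleIDs []string) ([]Role, error) {
	roles := make([]Role, 0, len(roleIDs))
	if len(roleIDs) == 0 {
		return roles, nil
	}

	// Set of requested IDs so a duplicate ID yields the role once.
	wanted := make(map[string]struct{}, len(roleIDs))
	for _, id := range roleIDs {
		wanted[id] = struct{}{}
	}

	for _, role := range d.Roles {
		if _, ok := wanted[role.ID]; ok {
			roles = append(roles, role)
		}
	}

	return roles, nil
}
```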