
  1. package middlewares
  2. import (
  3. "git.sxidc.com/go-framework/baize/convenient/domain/auth/jwt_tools"
  4. "git.sxidc.com/go-framework/baize/convenient/domain/auth/permission"
  5. "git.sxidc.com/go-framework/baize/convenient/domain/auth/role"
  6. "git.sxidc.com/go-framework/baize/convenient/domain/auth/user"
  7. "git.sxidc.com/go-framework/baize/framework/binding"
  8. "git.sxidc.com/go-framework/baize/framework/core/api"
  9. "git.sxidc.com/go-framework/baize/framework/core/api/response"
  10. "git.sxidc.com/go-framework/baize/framework/core/domain"
  11. "git.sxidc.com/go-framework/baize/framework/core/domain/entity"
  12. "git.sxidc.com/go-framework/baize/framework/core/infrastructure"
  13. "git.sxidc.com/go-framework/baize/framework/core/infrastructure/database"
  14. "git.sxidc.com/go-framework/baize/framework/core/infrastructure/database/sql"
  15. "github.com/dgrijalva/jwt-go/request"
  16. "github.com/pkg/errors"
  17. "net/http"
  18. )
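// Authentication returns a middleware that authenticates the caller by the
// JWT carried in the Authorization header and then authorises the request
// against the role/permission tables of dbSchema.
//
// The chain is: extract the token from the Authorization header -> verify it
// with jwtSecretKey -> load the user row whose token column equals the raw
// token -> load the user's role ids -> look up the permission row matching the
// route template (c.FullPath()) and HTTP method -> check that at least one of
// the user's roles is linked to that permission. On success the user info is
// stored in the context and the chain continues; on any failure the request is
// aborted with a single error response.
//
// Status codes: 401 for a missing, invalid or unknown token (authentication),
// 403 when the user is known but has no role or lacks the permission
// (authorisation), 500 when a database query or result parsing fails. Database
// and parsing error text is never echoed to the client.
func Authentication(dbSchema string, jwtSecretKey string) binding.Middleware {
	return func(c *api.Context, i *infrastructure.Infrastructure) {
		// Generic client-facing message for internal failures (constructed here;
		// kept in the same language as the other messages in this file).
		const internalErrorMsg = "服务内部错误"

		// abort sends one error response and stops the handler chain.
		abort := func(status int, msg string) {
			response.SendMapResponse(c, status, nil, errors.New(msg))
			c.Abort()
		}
		// internalError reports a database/parsing failure as 500 rather than
		// 401: a storage outage is not an authentication failure, and the raw
		// error text is an internal detail that must not reach the client.
		internalError := func(err error) {
			_ = err // TODO(review): log via the project's logger; never echo to the client
			abort(http.StatusInternalServerError, internalErrorMsg)
		}

		// Extract the token from the Authorization header.
		token, err := request.AuthorizationHeaderExtractor.ExtractToken(c.Request)
		if err != nil {
			abort(http.StatusUnauthorized, err.Error())
			return
		}

		// Verify the token with the configured secret. The claims are not used
		// here: the user is resolved from the stored token column below, so a
		// signed token that no longer matches the user's row is rejected.
		valid, _, err := jwt_tools.CheckJWT(jwtSecretKey, token)
		if err != nil {
			abort(http.StatusUnauthorized, err.Error())
			return
		}
		if !valid {
			abort(http.StatusUnauthorized, "无效token")
			return
		}

		dbExecutor := i.DBExecutor()

		// Resolve the user owning this token.
		result, err := database.QueryOne(dbExecutor, &sql.QueryOneExecuteParams{
			TableName:  domain.TableName(dbSchema, &user.Entity{}),
			Conditions: sql.NewConditions().Equal(user.ColumnToken, token),
		})
		if err != nil {
			if database.IsErrorDBRecordNotExist(err) {
				abort(http.StatusUnauthorized, "token对应的用户不存在")
				return
			}
			internalError(err)
			return
		}
		userInfo := new(user.Info)
		if err = sql.ParseSqlResult(result, userInfo); err != nil {
			internalError(err)
			return
		}

		// Load the ids of the roles assigned to the user.
		// PageNo/PageSize of 0 presumably means "no paging" — TODO confirm.
		roleIDResults, totalCount, err := database.Query(dbExecutor, &sql.QueryExecuteParams{
			TableName:     domain.RelationTableName(dbSchema, &user.Entity{}, &role.Entity{}),
			SelectClauses: []string{domain.RelationColumnName(&role.Entity{})},
			Conditions:    sql.NewConditions().Equal(domain.RelationColumnName(&user.Entity{}), userInfo.GetID()),
			PageNo:        0,
			PageSize:      0,
		})
		if err != nil {
			internalError(err)
			return
		}
		if totalCount == 0 {
			// Authenticated but unauthorised: 403, not 401.
			abort(http.StatusForbidden, "用户没有权限访问该资源: 没有分配角色")
			return
		}
		roleIDs := make([]string, 0)
		if err = sql.ParseSqlResult(roleIDResults, &roleIDs); err != nil {
			internalError(err)
			return
		}

		// Find the permission row for this route template and HTTP method. A
		// route with no permission row is denied (default deny). QueryOne yields
		// a single row; if several rows can share resource+action, only one is
		// checked — TODO confirm the table has a uniqueness constraint.
		permissionIDResult, err := database.QueryOne(dbExecutor, &sql.QueryOneExecuteParams{
			TableName:     domain.TableName(dbSchema, &permission.Entity{}),
			SelectClauses: []string{entity.ColumnID},
			Conditions: sql.NewConditions().Equal(permission.ColumnResource, c.FullPath()).
				Equal(permission.ColumnAction, c.Request.Method),
		})
		if err != nil {
			if database.IsErrorDBRecordNotExist(err) {
				abort(http.StatusForbidden, "用户没有权限访问该资源: 没有分配权限")
				return
			}
			internalError(err)
			return
		}

		// Check that at least one of the user's roles is linked to that permission.
		permissionExist, err := database.CheckExist(dbExecutor, &sql.CheckExistExecuteParams{
			TableName: domain.RelationTableName(dbSchema, &role.Entity{}, &permission.Entity{}),
			Conditions: sql.NewConditions().In(domain.RelationColumnName(&role.Entity{}), roleIDs).
				Equal(domain.RelationColumnName(&permission.Entity{}), permissionIDResult.ColumnValueString(entity.ColumnID)),
		})
		if err != nil {
			internalError(err)
			return
		}
		if !permissionExist {
			abort(http.StatusForbidden, "用户没有权限访问该资源: 角色中没有该权限")
			return
		}

		// All checks passed: expose the user to downstream handlers.
		c.SetUserInfo(userInfo)
		c.Next()
	}
}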