gorm update
@@ -1,33 +1,52 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
systemmodel "management/internal/erpserver/model/system"
|
||||
v1 "management/internal/erpserver/service/v1"
|
||||
"management/internal/pkg/know"
|
||||
"management/internal/pkg/session"
|
||||
|
||||
"github.com/drhin/logger"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
func (m *middleware) Audit(next http.Handler) http.Handler {
|
||||
fn := func(w http.ResponseWriter, r *http.Request) {
|
||||
start := time.Now()
|
||||
defer func(res http.ResponseWriter, req *http.Request) {
|
||||
// 记录审计日志
|
||||
go m.writeLog(req, start)
|
||||
}(w, r)
|
||||
next.ServeHTTP(w, r)
|
||||
func Audit(sess session.Manager, auditLogService v1.AuditLogService, log *logger.Logger) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
start := time.Now()
|
||||
defer func() {
|
||||
go func() {
|
||||
ctx := r.Context()
|
||||
user, err := sess.GetUser(ctx, know.StoreName)
|
||||
if err != nil {
|
||||
log.Error(err.Error(), err)
|
||||
return
|
||||
}
|
||||
|
||||
if user.ID == 0 {
|
||||
log.Error("scs get user is empty", errors.New("scs get user is empty"))
|
||||
return
|
||||
}
|
||||
|
||||
al := systemmodel.NewAuditLog(r, user.Email, user.OS, user.Browser, start, time.Now())
|
||||
if err := auditLogService.Create(ctx, al); err != nil {
|
||||
log.Error(err.Error(), err,
|
||||
zap.Int32("user_id", user.ID),
|
||||
zap.String("user", user.Email),
|
||||
zap.String("ip", al.Ip),
|
||||
zap.String("os", al.Os),
|
||||
zap.String("method", al.Method),
|
||||
zap.String("path", al.Url),
|
||||
)
|
||||
}
|
||||
}()
|
||||
}()
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
return http.HandlerFunc(fn)
|
||||
}
|
||||
|
||||
func (m *middleware) writeLog(req *http.Request, start time.Time) {
|
||||
end := time.Now()
|
||||
user := m.AuthUser(req.Context())
|
||||
al := systemmodel.NewAuditLog(req, user.Email, user.OS, user.Browser, start, end)
|
||||
|
||||
c, cancel := context.WithTimeout(context.Background(), time.Second*3)
|
||||
defer cancel()
|
||||
|
||||
_ = m.auditLogService.Create(c, al)
|
||||
}
|
||||
|
||||
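Review bot: The audit write in the new `Audit` runs in a goroutine started after `next.ServeHTTP` has returned, yet it still passes `r.Context()` to `sess.GetUser` and `auditLogService.Create`. net/http cancels that context once the handler returns, so a context-aware store will likely reject the insert and the audit record is lost, leaving only an error log line. The removed `writeLog` avoided this with `context.WithTimeout(context.Background(), time.Second*3)`, and the new code also reads `r` in `systemmodel.NewAuditLog` from the goroutine after the handler has finished. Resolve the user and build the record inside the deferred function, then hand only the finished record to the goroutine with a detached, bounded context. Requests without a session user return before any record is created, so unauthenticated traffic is never audited; confirm that is intended.

```go
defer func() {
	// Resolve the user and snapshot the request while r is still valid.
	user, err := sess.GetUser(r.Context(), know.StoreName)
	// … unchanged: error and empty-user checks …
	al := systemmodel.NewAuditLog(r, user.Email, user.OS, user.Browser, start, time.Now())

	go func() {
		// Detached from request cancellation, but bounded so a slow store cannot pile up goroutines.
		ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
		defer cancel()
		// … unchanged: auditLogService.Create(ctx, al) and error logging …
	}()
}()
```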
@@ -1,94 +1,59 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"management/internal/erpserver/model/dto"
|
||||
v1 "management/internal/erpserver/service/v1"
|
||||
"management/internal/pkg/know"
|
||||
"management/internal/pkg/session"
|
||||
)
|
||||
|
||||
var defaultMenus = map[string]bool{
|
||||
"/home.html": true,
|
||||
"/dashboard": true,
|
||||
"/system/menus": true,
|
||||
"/upload/img": true,
|
||||
"/upload/file": true,
|
||||
"/upload/mutilfile": true,
|
||||
"/pear.json": true,
|
||||
var publicRoutes = map[string]bool{
|
||||
"/home.html": true,
|
||||
"/dashboard": true,
|
||||
"/system/menus": true,
|
||||
"/upload/img": true,
|
||||
"/upload/file": true,
|
||||
"/upload/multi_files": true,
|
||||
"/pear.json": true,
|
||||
}
|
||||
|
||||
func (m *middleware) Authorize(next http.Handler) http.Handler {
|
||||
fn := func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
user, ok := m.isLogin(ctx)
|
||||
if !ok {
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
return
|
||||
}
|
||||
func Authorize(
|
||||
sess session.Manager,
|
||||
menuService v1.MenuService,
|
||||
) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
path := r.URL.Path
|
||||
|
||||
// 登陆检查
|
||||
user, err := sess.GetUser(ctx, know.StoreName)
|
||||
if err != nil || user.ID == 0 {
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
return
|
||||
}
|
||||
|
||||
// 公共路由放行
|
||||
if publicRoutes[path] {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// 权限检查
|
||||
menus, err := menuService.ListByRoleIDToMap(ctx, user.RoleID)
|
||||
if err != nil || !hasPermission(menus, path) {
|
||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
// 登陆成功 判断权限
|
||||
path := r.URL.Path
|
||||
if b, ok := defaultMenus[path]; ok && b {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
menus, err := m.menuService.ListByRoleIDToMap(ctx, user.RoleID)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if _, ok := menus[path]; ok {
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
})
|
||||
}
|
||||
|
||||
return http.HandlerFunc(fn)
|
||||
}
|
||||
|
||||
func (m *middleware) isLogin(ctx context.Context) (*dto.AuthorizeUser, bool) {
|
||||
if exists := m.session.Exists(ctx, know.StoreName); exists {
|
||||
b := m.session.GetBytes(ctx, know.StoreName)
|
||||
var user dto.AuthorizeUser
|
||||
if err := json.Unmarshal(b, &user); err == nil && user.ID > 0 {
|
||||
return &user, true
|
||||
}
|
||||
}
|
||||
|
||||
return nil, false
|
||||
}
|
||||
|
||||
func (m *middleware) AuthUser(ctx context.Context) dto.AuthorizeUser {
|
||||
var user dto.AuthorizeUser
|
||||
if exists := m.session.Exists(ctx, know.StoreName); exists {
|
||||
b := m.session.GetBytes(ctx, know.StoreName)
|
||||
_ = json.Unmarshal(b, &user)
|
||||
}
|
||||
return user
|
||||
}
|
||||
|
||||
func (m *middleware) IsAuth(ctx context.Context) bool {
|
||||
var user dto.AuthorizeUser
|
||||
b := m.session.GetBytes(ctx, know.StoreName)
|
||||
if err := json.Unmarshal(b, &user); err == nil && user.ID > 0 {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (m *middleware) RefreshToken(ctx context.Context) bool {
|
||||
if err := m.session.RenewToken(ctx); err == nil {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (m *middleware) Destroy(ctx context.Context) error {
|
||||
return m.session.Destroy(ctx)
|
||||
func hasPermission(menus map[string]*dto.OwnerMenuDto, path string) bool {
|
||||
_, ok := menus[path]
|
||||
return ok
|
||||
}
|
||||
|
||||
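Review bot: In the new `Authorize`, `if err != nil || !hasPermission(menus, path)` answers 403 both when the role lacks the path and when `menuService.ListByRoleIDToMap` itself fails, and neither case is logged (the function takes no logger). Failing closed is right, but a backend outage then looks like a permission denial, and real denials leave no trace for detection. Handle the error first, e.g. `if err != nil { http.Error(w, "Internal Server Error", http.StatusInternalServerError); return }`, and log denials with the user ID and path. Separately, `publicRoutes` entries still require a session but skip the role check, including the three `/upload/...` paths; a comment such as `// publicRoutes: reachable by any authenticated user, no role check` would make that explicit.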
@@ -6,6 +6,6 @@ import (
|
||||
"github.com/justinas/nosurf"
|
||||
)
|
||||
|
||||
func (m *middleware) NoSurf(next http.Handler) http.Handler {
|
||||
func NoSurf(next http.Handler) http.Handler {
|
||||
return nosurf.New(next)
|
||||
}
|
||||
@@ -1,35 +0,0 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"management/internal/erpserver/model/dto"
|
||||
v1 "management/internal/erpserver/service/v1"
|
||||
"management/internal/pkg/session"
|
||||
)
|
||||
|
||||
type Middleware interface {
|
||||
Audit(next http.Handler) http.Handler
|
||||
NoSurf(next http.Handler) http.Handler
|
||||
LoadSession(next http.Handler) http.Handler
|
||||
Authorize(next http.Handler) http.Handler
|
||||
AuthUser(ctx context.Context) dto.AuthorizeUser
|
||||
IsAuth(ctx context.Context) bool
|
||||
RefreshToken(ctx context.Context) bool
|
||||
Destroy(ctx context.Context) error
|
||||
}
|
||||
|
||||
type middleware struct {
|
||||
session session.Session
|
||||
menuService v1.MenuService
|
||||
auditLogService v1.AuditLogService
|
||||
}
|
||||
|
||||
func New(session session.Session, menuService v1.MenuService, auditLogService v1.AuditLogService) Middleware {
|
||||
return &middleware{
|
||||
session: session,
|
||||
menuService: menuService,
|
||||
auditLogService: auditLogService,
|
||||
}
|
||||
}
|
||||
@@ -2,8 +2,10 @@ package middleware
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"management/internal/pkg/session"
|
||||
)
|
||||
|
||||
func (m *middleware) LoadSession(next http.Handler) http.Handler {
|
||||
return m.session.LoadAndSave(next)
|
||||
func LoadSession(sm session.Manager) func(http.Handler) http.Handler {
|
||||
return sm.Load
|
||||
}
|
||||
|
||||