v2

2025-03-28 17:51:34 +08:00
parent da612380e0
commit 5c8802d2f0
68 changed files with 3422 additions and 630 deletions
--- a/internal/pkg/middleware/audit.go
+++ b/internal/pkg/middleware/audit.go
@@ -0,0 +1,73 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	db "management/internal/db/sqlc"
+
+	"github.com/zhang2092/browser"
+)
+
+func (m *middleware) Audit(next http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		start := time.Now()
+		defer func(res http.ResponseWriter, req *http.Request) {
+			// 记录审计日志
+			go m.writeLog(req, start)
+		}(w, r)
+		next.ServeHTTP(w, r)
+	}
+
+	return http.HandlerFunc(fn)
+}
+
+func (m *middleware) writeLog(req *http.Request, start time.Time) {
+	end := time.Now()
+	duration := end.Sub(start)
+	var params string
+	method := req.Method
+	if method == "GET" {
+		params = req.URL.Query().Encode()
+	} else if method == "POST" {
+		contentType := req.Header.Get("Content-Type")
+		if strings.Contains(contentType, "application/json") {
+			body := make([]byte, req.ContentLength)
+			req.Body.Read(body)
+			params = string(body)
+		} else if strings.Contains(contentType, "application/x-www-form-urlencoded") {
+			params = req.Form.Encode()
+		}
+	}
+
+	ctx := req.Context()
+	au := m.AuthUser(ctx)
+	arg := &db.CreateSysAuditLogParams{
+		CreatedAt:  time.Now(),
+		Email:      au.Email,
+		Username:   au.Username,
+		UserUuid:   au.Uuid,
+		StartAt:    start,
+		EndAt:      end,
+		Duration:   strconv.FormatInt(duration.Milliseconds(), 10),
+		Url:        req.URL.RequestURI(),
+		Method:     method,
+		Parameters: params,
+		RefererUrl: req.Header.Get("Referer"),
+		Ip:         req.RemoteAddr,
+		Remark:     "",
+	}
+	br, err := browser.NewBrowser(req.Header.Get("User-Agent"))
+	if err == nil {
+		arg.Os = br.Platform().Name()
+		arg.Browser = br.Name()
+	}
+
+	c, cancel := context.WithTimeout(context.Background(), time.Second*3)
+	defer cancel()
+
+	_ = m.biz.AuditBiz().Create(c, arg)
+}
--- a/internal/pkg/middleware/authorize.go
+++ b/internal/pkg/middleware/authorize.go
@@ -0,0 +1,81 @@
+package middleware
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"management/internal/db/model/dto"
+	"management/internal/global/auth"
+)
+
+var defaultMenus = map[string]bool{
+	"/home.html":        true,
+	"/system/menus":     true,
+	"/upload/img":       true,
+	"/upload/file":      true,
+	"/upload/mutilfile": true,
+	"/pear.json":        true,
+}
+
+func (m *middleware) Authorize(next http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+		user, ok := m.isLogin(ctx)
+		if !ok {
+			http.Redirect(w, r, "/", http.StatusFound)
+			return
+		}
+
+		if user == nil {
+			http.Error(w, "user not found", http.StatusUnauthorized)
+			return
+		}
+
+		// 登陆成功 判断权限
+
+		// 默认权限判断
+		path := r.URL.Path
+		if b, ok := defaultMenus[path]; ok && b {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		menus, err := m.biz.MenuBiz().MapOwnerMenuByRoleID(ctx, user.RoleID)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, ok := menus[path]; ok {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+	}
+
+	return http.HandlerFunc(fn)
+}
+
+func (m *middleware) isLogin(ctx context.Context) (*dto.AuthorizeUser, bool) {
+	if exists := m.session.Exists(ctx, auth.StoreName); exists {
+		b := m.session.GetBytes(ctx, auth.StoreName)
+		var user dto.AuthorizeUser
+		if err := json.Unmarshal(b, &user); err != nil {
+			return nil, false
+		}
+		return &user, true
+	}
+
+	return nil, false
+}
+
+func (m *middleware) AuthUser(ctx context.Context) dto.AuthorizeUser {
+	var user dto.AuthorizeUser
+	if exists := m.session.Exists(ctx, auth.StoreName); exists {
+		b := m.session.GetBytes(ctx, auth.StoreName)
+		_ = json.Unmarshal(b, &user)
+	}
+	return user
+}
--- a/internal/pkg/middleware/middleware.go
+++ b/internal/pkg/middleware/middleware.go
@@ -0,0 +1,29 @@
+package middleware
+
+import (
+	"net/http"
+
+	systemv1 "management/internal/erpserver/biz/v1/system"
+	"management/internal/pkg/session"
+)
+
+type IMiddleware interface {
+	Audit(next http.Handler) http.Handler
+	NoSurf(next http.Handler) http.Handler
+	LoadSession(next http.Handler) http.Handler
+	Authorize(next http.Handler) http.Handler
+}
+
+type middleware struct {
+	biz     systemv1.SystemBiz
+	session session.ISession
+}
+
+var _ IMiddleware = (*middleware)(nil)
+
+func New(biz systemv1.SystemBiz, session session.ISession) IMiddleware {
+	return &middleware{
+		biz:     biz,
+		session: session,
+	}
+}
--- a/internal/pkg/middleware/nocsrf.go
+++ b/internal/pkg/middleware/nocsrf.go
@@ -0,0 +1,11 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/justinas/nosurf"
+)
+
+func (m *middleware) NoSurf(next http.Handler) http.Handler {
+	return nosurf.New(next)
+}
--- a/internal/pkg/middleware/session.go
+++ b/internal/pkg/middleware/session.go
@@ -0,0 +1,9 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+func (m *middleware) LoadSession(next http.Handler) http.Handler {
+	return m.session.LoadAndSave(next)
+}