first commit

internal/middleware/manage/auth/authorize.go

@@ -0,0 +1,83 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"management/internal/db/model/dto"
+	"management/internal/global/auth"
+	"management/internal/pkg/session"
+	systemservice "management/internal/service/system"
+)
+
+var defaultMenus = map[string]bool{
+	"/home.html":        true,
+	"/system/menus":     true,
+	"/upload/img":       true,
+	"/upload/file":      true,
+	"/upload/mutilfile": true,
+	"/pear.json":        true,
+}
+
+func Authorize(next http.Handler) http.Handler {
+	fn := func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+		user, ok := isLogin(ctx)
+		if !ok {
+			http.Redirect(w, r, "/", http.StatusFound)
+			return
+		}
+
+		if user == nil {
+			http.Error(w, "user not found", http.StatusUnauthorized)
+			return
+		}
+
+		// 登陆成功 判断权限
+
+		// 默认权限判断
+		path := r.URL.Path
+		if b, ok := defaultMenus[path]; ok && b {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		menus, err := systemservice.MapOwnerMenuByRoleID(ctx, user.RoleID)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		if _, ok := menus[path]; ok {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+	}
+
+	return http.HandlerFunc(fn)
+}
+
+func isLogin(ctx context.Context) (*dto.AuthorizeUser, bool) {
+	if exists := session.Exists(ctx, auth.StoreName); exists {
+		b := session.GetBytes(ctx, auth.StoreName)
+		var user dto.AuthorizeUser
+		if err := json.Unmarshal(b, &user); err != nil {
+			return nil, false
+		}
+		return &user, true
+	}
+
+	return nil, false
+}
+
+func AuthUser(ctx context.Context) dto.AuthorizeUser {
+	var user dto.AuthorizeUser
+	if exists := session.Exists(ctx, auth.StoreName); exists {
+		b := session.GetBytes(ctx, auth.StoreName)
+		_ = json.Unmarshal(b, &user)
+	}
+	return user
+}