apps/x_admin
1
0
Fork 0
mirror of https://gitee.com/xiangheng/x_admin.git synced 2025-10-05 16:17:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
x_admin/server/middleware/auth.go
xh 5bc7d9dffd 优化鉴权
2025-09-19 03:33:02 +08:00

156 lines
4.0 KiB
Go
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package middleware
import (
"strconv"
"strings"
"x_admin/app/service/systemService"
"x_admin/config"
"x_admin/core"
"x_admin/core/response"
"x_admin/model/system_model"
"x_admin/util"
"github.com/gin-gonic/gin"
)
func Auth(c *gin.Context) response.RespType {
// Token是否为空
token := c.Request.Header.Get("token")
if token == "" { // 从url获取token
token = c.Request.URL.Query().Get("token")
}
if token == "" {
return response.TokenEmpty
}
// Token是否过期
tokenKey := config.AdminConfig.BackstageTokenKey + token
existCnt := util.RedisUtil.Exists(tokenKey)
if existCnt < 0 {
return response.SystemError
} else if existCnt == 0 {
return response.TokenInvalid
}
// 用户信息缓存
uidStr := util.RedisUtil.Get(tokenKey)
var uid uint
if uidStr != "" {
i, err := strconv.ParseUint(uidStr, 10, 32)
if err != nil {
core.Logger.Errorf("uid读取失败: [%+v]", err)
return response.TokenInvalid
}
uid = uint(i)
}
// redis管理员信息不存在时缓存
if !util.RedisUtil.HExists(config.AdminConfig.BackstageManageKey, uidStr) {
err := systemService.AdminService.CacheAdminUserByUid(uid) //缓存管理员
if err != nil {
core.Logger.Errorf("缓存管理员失败: err=[%+v]", err)
return response.SystemError
}
}
// 校验用户被删除
var adminUser system_model.SystemAuthAdmin
err := util.ToolsUtil.JsonToObj(util.RedisUtil.HGet(config.AdminConfig.BackstageManageKey, uidStr), &adminUser)
if err != nil {
core.Logger.Errorf("TokenAuth Unmarshal err: err=[%+v]", err)
return response.SystemError
}
if adminUser.IsDelete == 1 {
util.RedisUtil.Del(tokenKey)
util.RedisUtil.HDel(config.AdminConfig.BackstageManageKey + uidStr)
return response.TokenInvalid
}
// 校验用户被禁用
if adminUser.IsDisable == 1 {
return response.LoginDisableError
}
// 令牌剩余30分钟自动续签
if util.RedisUtil.TTL(tokenKey) < 1800 {
util.RedisUtil.Expire(tokenKey, 7200)
}
// 单次请求信息保存
c.Set(config.AdminConfig.ReqAdminIdKey, uid)
c.Set(config.AdminConfig.ReqRoleIdKey, adminUser.Role)
c.Set(config.AdminConfig.ReqUsernameKey, adminUser.Username)
c.Set(config.AdminConfig.ReqNicknameKey, adminUser.Nickname)
// 校验角色的权限redis没有就重新查询
roleId := adminUser.Role
if !util.RedisUtil.HExists(config.AdminConfig.BackstageRolesKey, roleId) {
i, err := strconv.ParseUint(roleId, 10, 32)
if err != nil {
core.Logger.Errorf("TokenAuth Atoi roleId err: err=[%+v]", err)
return response.SystemError
}
err = systemService.PermService.CacheRoleMenusByRoleId(uint(i))
if err != nil {
core.Logger.Errorf("TokenAuth CacheRoleMenusByRoleId err: err=[%+v]", err)
return response.SystemError
}
}
return response.Success
}
// 仅检查token有效性获取用户信息不判断接口权限
func LoginAuth() gin.HandlerFunc {
return func(c *gin.Context) {
resp := Auth(c)
if resp != response.Success {
response.Fail(c, resp)
c.Abort()
return
}
c.Next()
}
}
// TokenAuth 检查token有效性获取用户信息并判断接口权限
func TokenAuth() gin.HandlerFunc {
return func(c *gin.Context) {
// 路由转权限
ApiAuth := strings.ReplaceAll(strings.Replace(c.Request.URL.Path, "/api/", "", 1), "/", ":")
// 免登录接口
if util.ToolsUtil.Contains(config.AdminConfig.NotLoginUri, ApiAuth) {
c.Next()
return
}
resp := Auth(c)
if resp != response.Success {
response.Fail(c, resp)
c.Abort()
return
}
// 免权限验证接口
if util.ToolsUtil.Contains(config.AdminConfig.NotAuthUri, ApiAuth) {
c.Next()
return
}
if config.AdminConfig.GetAdminId(c) == config.AdminConfig.SuperAdminId {
c.Next()
return
}
// 验证是否有权限操作
menus := util.RedisUtil.HGet(config.AdminConfig.BackstageRolesKey, config.AdminConfig.GetRoleId(c))
if !(menus != "" && util.ToolsUtil.Contains(strings.Split(menus, ","), ApiAuth)) {
response.Fail(c, response.NoPermission)
c.Abort()
return
}
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink