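package middlewares

import (
	"net/http"
	"regexp"
	"strings"

	"github.com/gin-gonic/gin"

	"hospital-admin-api/api/dao"
	"hospital-admin-api/api/responses"
	"hospital-admin-api/consts"
)

// trailingIDPattern matches a request path whose last segment is purely
// numeric (e.g. "/users/42"); such paths are normalised to ".../:id" before
// the permission lookup. Compiled once instead of on every request.
var trailingIDPattern = regexp.MustCompile(`/(\d+)$`)

// permissionKey builds the key looked up in a role's API permission set: the
// request path with a trailing numeric segment replaced by ":id", followed by
// the HTTP method (matching how the set is populated from APIPath+APIMethod).
//
// It works on the decoded URL path only. The raw RequestURI may carry a query
// string, percent-encoding or an absolute-form URI, so offsets computed on it
// must never be applied to the decoded path (the original did exactly that,
// which could mis-slice or panic). The boolean is false for a malformed path
// (numeric tail with no preceding "/"), kept as a defensive guard even though
// the pattern makes it unreachable.
func permissionKey(path, method string) (string, bool) {
	if trailingIDPattern.MatchString(path) {
		i := strings.LastIndex(path, "/")
		if i == -1 {
			return "", false
		}
		return path[:i] + "/:id" + method, true
	}
	return path + method, true
}

// denyForbidden aborts the request with HTTP 403 and the project's
// "no permission" payload.
func denyForbidden(c *gin.Context) {
	c.JSON(http.StatusForbidden, gin.H{
		"message": "暂无权限",
		"code":    consts.CLIENT_HTTP_UNAUTHORIZED,
		"data":    "",
	})
	c.Abort()
}

// Auth is the authorization middleware. It expects an earlier middleware to
// have stored the caller's "UserId" and "RoleId" in the gin context, then:
//   - reloads the user and role from the database and rejects pending,
//     deleted/disabled or role-less users and disabled roles — the database,
//     not the token, is authoritative, so revocations take effect at once;
//   - lets a super-admin role (IsAdmin == 1) through without an API check;
//   - rejects users whose department (PostID) is marked deleted;
//   - builds the set of "path+METHOD" keys reachable through the role's menus
//     and denies the request with 403 unless the current request is in it.
//
// Any failure to load data needed for a decision is treated as a denial
// (fail closed), never as "no restriction applies".
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		roleID := c.GetInt64("RoleId")
		if roleID == 0 {
			responses.Fail(c)
			c.Abort()
			return
		}
		userID := c.GetInt64("UserId")
		if userID == 0 {
			responses.Fail(c)
			c.Abort()
			return
		}

		adminUserDao := dao.AdminUserDao{}
		adminUser, err := adminUserDao.GetAdminUserFirstById(userID)
		if err != nil || adminUser == nil {
			responses.FailWithMessage("用户数据错误", c)
			c.Abort()
			return
		}
		// Status 2 = pending review, 3 = deleted or disabled (values as used
		// throughout this middleware; other values are treated as active).
		switch adminUser.Status {
		case 2:
			responses.FailWithMessage("用户审核中", c)
			c.Abort()
			return
		case 3:
			responses.FailWithMessage("用户已删除或禁用", c)
			c.Abort()
			return
		}
		// The role carried by the token must be the role the user currently
		// holds; otherwise a token issued before a role change keeps its old
		// privileges until it expires. If the product later allows one user to
		// hold several roles, replace this with an explicit membership check
		// rather than dropping it.
		if adminUser.RoleID == 0 || adminUser.RoleID != roleID {
			responses.FailWithMessage("用户角色错误", c)
			c.Abort()
			return
		}

		adminRoleDao := dao.AdminRoleDao{}
		adminRole, err := adminRoleDao.GetAdminRoleFirstById(roleID)
		if err != nil || adminRole == nil {
			responses.FailWithMessage("角色错误", c)
			c.Abort()
			return
		}
		// A disabled role is rejected before the super-admin shortcut, so
		// disabling an admin role actually revokes its access.
		if adminRole.RoleStatus == 2 {
			responses.FailWithMessage("角色已被禁用", c)
			c.Abort()
			return
		}
		// Super admins skip the per-API permission check.
		if adminRole.IsAdmin == 1 {
			c.Next()
			return
		}

		// A user attached to a deleted department is locked out until an
		// administrator reassigns them.
		if adminUser.PostID != 0 {
			adminDeptDao := dao.AdminDeptDao{}
			adminDept, err := adminDeptDao.GetAdminDeptById(adminUser.PostID)
			if err != nil || adminDept == nil {
				responses.FailWithMessage("用户部门数据错误", c)
				c.Abort()
				return
			}
			if adminDept.DeptStatus == 2 {
				responses.FailWithMessage("您所在的部门已被删除,请联系管理员修改", c)
				c.Abort()
				return
			}
		}

		// Menus granted to the role; a lookup error is a denial, not a bypass.
		adminRoleMenuDao := dao.AdminRoleMenuDao{}
		adminRoleMenu, err := adminRoleMenuDao.GetAdminRoleMenuListByRoleId(roleID)
		if err != nil {
			responses.FailWithMessage("角色菜单数据错误", c)
			c.Abort()
			return
		}
		if len(adminRoleMenu) == 0 {
			denyForbidden(c)
			return
		}

		// Collect every API reachable through the role's menus as
		// APIPath+APIMethod keys.
		apiPermissions := make(map[string]bool)
		adminMenuApiDao := dao.AdminMenuApiDao{}
		for _, menu := range adminRoleMenu {
			menuAPIs, err := adminMenuApiDao.GetAdminMenuApiListByMenuID(menu.MenuID)
			if err != nil {
				responses.FailWithMessage("菜单接口数据错误", c)
				c.Abort()
				return
			}
			// A menu with no API mappings contributes nothing. It must NOT
			// short-circuit to c.Next(): doing so granted every API to any
			// role holding a single unmapped menu (and to any role on a DB
			// error, since the error was discarded).
			for _, api := range menuAPIs {
				apiPermissions[api.API.APIPath+api.API.APIMethod] = true
			}
		}

		key, ok := permissionKey(c.Request.URL.Path, c.Request.Method)
		if !ok {
			c.JSON(http.StatusOK, gin.H{
				"message": "请求路径错误",
				"code":    consts.SERVER_ERROR,
				"data":    "",
			})
			c.Abort()
			return
		}
		if !apiPermissions[key] {
			denyForbidden(c)
			return
		}
		c.Next()
	}
}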