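package middlewares

import (
	"net/http"
	"regexp"
	"strings"

	"github.com/gin-gonic/gin"
	"hospital-admin-api/api/dao"
	"hospital-admin-api/api/responses"
	"hospital-admin-api/consts"
)

// authIDSuffix matches a request path whose final segment is a purely
// numeric id (e.g. "/admin/user/42"). Compiled once at package scope
// instead of on every request.
var authIDSuffix = regexp.MustCompile(`/(\d+)$`)

// Auth is the authorization middleware. It expects an earlier middleware to
// have stored the caller's "UserId" and "RoleId" (as int64) in the gin
// context, and then, in order:
//
//  1. loads the admin user and rejects accounts that are pending review
//     (Status 2), deleted/disabled (Status 3), or whose role does not match
//     the RoleId claim (the database is authoritative; a token issued
//     before a role reassignment must not keep the old role);
//  2. loads the role and rejects disabled roles (RoleStatus 2);
//  3. lets super administrators (IsAdmin 1) through with no further checks
//     (department/post state is NOT evaluated for them);
//  4. rejects users whose department or post has been removed (status 2);
//  5. resolves the request to a registered API by path and HTTP method, with
//     a trailing numeric segment rewritten to "/:id"; unknown APIs are
//     rejected, APIs flagged IsAuth 0 are open to every authenticated user;
//  6. otherwise allows the request only if some menu bound to the role is
//     bound to that API.
//
// Every rejection aborts the handler chain. Database errors while collecting
// the role's permissions are treated as "no permission" (fail closed).
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// NOTE(review): GetInt64 yields 0 when the stored value is not an
		// int64 (e.g. a float64 decoded from JWT claims) — confirm the
		// upstream middleware stores int64, otherwise every request fails here.
		roleID := c.GetInt64("RoleId")
		if roleID == 0 {
			responses.Fail(c)
			c.Abort()
			return
		}
		userID := c.GetInt64("UserId")
		if userID == 0 {
			responses.Fail(c)
			c.Abort()
			return
		}

		// User record and account state.
		adminUserDao := dao.AdminUserDao{}
		adminUser, err := adminUserDao.GetAdminUserFirstById(userID)
		if err != nil || adminUser == nil {
			responses.FailWithMessage("用户数据错误", c)
			c.Abort()
			return
		}
		switch adminUser.Status {
		case 2:
			responses.FailWithMessage("用户审核中", c)
			c.Abort()
			return
		case 3:
			responses.FailWithMessage("用户已删除或禁用", c)
			c.Abort()
			return
		}
		// The RoleId claim comes from the caller's token; the user's current
		// role in the database is authoritative. This also covers RoleID == 0.
		if adminUser.RoleID != roleID {
			responses.FailWithMessage("用户角色错误", c)
			c.Abort()
			return
		}

		// Role record and state.
		adminRoleDao := dao.AdminRoleDao{}
		adminRole, err := adminRoleDao.GetAdminRoleFirstById(roleID)
		if err != nil || adminRole == nil {
			responses.FailWithMessage("角色错误", c)
			c.Abort()
			return
		}
		if adminRole.RoleStatus == 2 {
			responses.FailWithMessage("角色已被禁用", c)
			c.Abort()
			return
		}
		// Super administrators bypass all per-API permission checks.
		if adminRole.IsAdmin == 1 {
			c.Next()
			return
		}

		// Department state (only when the user is assigned to one).
		if adminUser.DeptID != 0 {
			adminDeptDao := dao.AdminDeptDao{}
			adminDept, err := adminDeptDao.GetAdminDeptById(adminUser.DeptID)
			if err != nil || adminDept == nil {
				responses.FailWithMessage("用户部门数据错误", c)
				c.Abort()
				return
			}
			if adminDept.DeptStatus == 2 {
				responses.FailWithMessage("您所在的部门已被删除,请联系管理员修改", c)
				c.Abort()
				return
			}
		}

		// Post state (only when the user is assigned to one).
		if adminUser.PostID != 0 {
			adminPostDao := dao.AdminPostDao{}
			adminPost, err := adminPostDao.GetAdminPostById(adminUser.PostID)
			if err != nil || adminPost == nil {
				responses.FailWithMessage("用户岗位数据错误", c)
				c.Abort()
				return
			}
			if adminPost.PostStatus == 2 {
				responses.FailWithMessage("您所在的岗位已被删除,请联系管理员修改", c)
				c.Abort()
				return
			}
		}

		// Resolve the request to a registered API. The decoded URL path is
		// used for both the match and the rewrite; matching on RequestURI
		// (which carries the query string) and then slicing URL.Path with
		// that index would panic or mis-resolve as soon as a query is present.
		path := authNormalizeIDPath(c.Request.URL.Path)
		method := c.Request.Method

		adminApiDao := dao.AdminApiDao{}
		apiFilter := map[string]interface{}{
			"api_path":   path,
			"api_method": method,
		}
		adminApis, err := adminApiDao.GetAdminApiList(apiFilter)
		if err != nil || len(adminApis) == 0 {
			authDenyPath(c)
			return
		}
		// API registered as not requiring a permission check.
		if adminApis[0].IsAuth == 0 {
			c.Next()
			return
		}

		// Any error while collecting permissions denies the request rather
		// than silently shrinking the permission set.
		perms, err := authRolePermissions(roleID)
		if err != nil || !perms[path+method] {
			authDenyForbidden(c)
			return
		}
		c.Next()
	}
}

// authNormalizeIDPath maps a concrete request path whose last segment is a
// numeric id onto the parameterised form stored in the API table
// ("/admin/user/42" -> "/admin/user/:id"). Any other path is returned as-is.
func authNormalizeIDPath(path string) string {
	if !authIDSuffix.MatchString(path) {
		return path
	}
	// The pattern requires a '/', so LastIndex cannot return -1 here.
	return path[:strings.LastIndex(path, "/")] + "/:id"
}

// authRolePermissions returns the set of "<api_path><api_method>" keys the
// role may call, collected from every API bound to every menu of the role.
// A database error on any lookup is returned instead of a partial set.
func authRolePermissions(roleID int64) (map[string]bool, error) {
	adminRoleMenuDao := dao.AdminRoleMenuDao{}
	roleMenus, err := adminRoleMenuDao.GetAdminRoleMenuListByRoleId(roleID)
	if err != nil {
		return nil, err
	}
	perms := make(map[string]bool)
	adminMenuApiDao := dao.AdminMenuApiDao{}
	for _, rm := range roleMenus {
		menuAPIs, err := adminMenuApiDao.GetAdminMenuApiListWithAPIByMenuID(rm.MenuID)
		if err != nil {
			return nil, err
		}
		// A menu with no bound APIs contributes nothing.
		for _, ma := range menuAPIs {
			perms[ma.API.APIPath+ma.API.APIMethod] = true
		}
	}
	return perms, nil
}

// authDenyPath rejects a request whose path/method is not a registered API.
// The existing contract is kept: HTTP 200 with a ServerError code in the body.
func authDenyPath(c *gin.Context) {
	c.JSON(http.StatusOK, gin.H{
		"message": "请求路径错误",
		"code":    consts.ServerError,
		"data":    "",
	})
	c.Abort()
}

// authDenyForbidden rejects a request the caller's role is not entitled to.
func authDenyForbidden(c *gin.Context) {
	c.JSON(http.StatusForbidden, gin.H{
		"message": "暂无权限",
		"code":    consts.ClientHttpUnauthorized,
		"data":    "",
	})
	c.Abort()
}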