
package middlewares
import (
"github.com/gin-gonic/gin"
"hospital-admin-api/api/dao"
"hospital-admin-api/api/responses"
"hospital-admin-api/consts"
"net/http"
"regexp"
"strings"
)
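// Auth returns the authorization middleware for the admin API.
//
// It relies on an earlier middleware (presumably the token parser) having put
// "UserId" and "RoleId" into the gin context. For every request it then:
//
//  1. re-loads the user from the database and rejects users that are pending
//     review (Status 2) or deleted/disabled (Status 3), and rejects the request
//     when the role carried by the token no longer matches the user's current
//     role;
//  2. re-loads the role and rejects disabled roles (RoleStatus 2);
//  3. lets super administrators (IsAdmin == 1) through without any further check;
//  4. rejects users whose department or post has been deleted (status 2);
//  5. normalises a trailing all-digit path segment to "/:id" so the request can
//     be matched against the api table, rejects unknown (method, path) pairs and
//     lets endpoints flagged IsAuth == 0 through;
//  6. otherwise requires that at least one menu bound to the role is bound to
//     the requested (method, path) pair.
//
// Every failure aborts the handler chain. Lookup errors while collecting the
// role's permissions are treated as "no permission" (fail closed).
func Auth() gin.HandlerFunc {
	// Compiled once per middleware instance rather than on every request.
	// Matches a final path segment consisting only of digits, e.g. "/users/42".
	idSuffixRe := regexp.MustCompile(`/(\d+)$`)

	return func(c *gin.Context) {
		roleId := c.GetInt64("RoleId")
		if roleId == 0 {
			responses.Fail(c)
			c.Abort()
			return
		}
		userId := c.GetInt64("UserId")
		if userId == 0 {
			responses.Fail(c)
			c.Abort()
			return
		}

		// Always re-read the user so that status/role changes take effect
		// immediately, regardless of what the token was issued with.
		adminUserDao := dao.AdminUserDao{}
		adminUser, err := adminUserDao.GetAdminUserFirstById(userId)
		if err != nil || adminUser == nil {
			responses.FailWithMessage("用户数据错误", c)
			c.Abort()
			return
		}
		if adminUser.Status == 2 { // pending review
			responses.FailWithMessage("用户审核中", c)
			c.Abort()
			return
		}
		if adminUser.Status == 3 { // deleted or disabled
			responses.FailWithMessage("用户已删除或禁用", c)
			c.Abort()
			return
		}
		// The permission check below is driven by the role id from the context
		// (i.e. the token), so require it to match the user's current role in
		// the database: a token issued before a role change (or a user whose
		// RoleID is 0) must not keep the old privileges. Since roleId != 0 here,
		// this also covers the RoleID == 0 case.
		// NOTE(review): if tokens are deliberately issued for a secondary role,
		// relax this to a membership check against the user's roles.
		if adminUser.RoleID != roleId {
			responses.FailWithMessage("用户角色错误", c)
			c.Abort()
			return
		}

		adminRoleDao := dao.AdminRoleDao{}
		adminRole, err := adminRoleDao.GetAdminRoleFirstById(roleId)
		if err != nil || adminRole == nil {
			responses.FailWithMessage("角色错误", c)
			c.Abort()
			return
		}
		if adminRole.RoleStatus == 2 { // role disabled
			responses.FailWithMessage("角色已被禁用", c)
			c.Abort()
			return
		}
		// Super administrators skip the department/post and api checks entirely.
		if adminRole.IsAdmin == 1 {
			c.Next()
			return
		}

		// Department check (only when the user is assigned to one).
		if adminUser.DeptID != 0 {
			adminDeptDao := dao.AdminDeptDao{}
			adminDept, err := adminDeptDao.GetAdminDeptById(adminUser.DeptID)
			if err != nil || adminDept == nil {
				responses.FailWithMessage("用户部门数据错误", c)
				c.Abort()
				return
			}
			if adminDept.DeptStatus == 2 { // department deleted
				responses.FailWithMessage("您所在的部门已被删除,请联系管理员修改", c)
				c.Abort()
				return
			}
		}
		// Post check (only when the user is assigned to one).
		if adminUser.PostID != 0 {
			adminPostDao := dao.AdminPostDao{}
			adminPost, err := adminPostDao.GetAdminPostById(adminUser.PostID)
			if err != nil || adminPost == nil {
				responses.FailWithMessage("用户岗位数据错误", c)
				c.Abort()
				return
			}
			if adminPost.PostStatus == 2 { // post deleted
				responses.FailWithMessage("您所在的岗位已被删除,请联系管理员修改", c)
				c.Abort()
				return
			}
		}

		// Normalise "/something/123" to "/something/:id" so it can be matched
		// against the api table. Match and slice URL.Path only: the previous
		// version matched against RequestURI (which carries the query string)
		// and then sliced URL.Path with an index computed on RequestURI, so a
		// query such as "?r=/x/1" could make the regex match and the slice
		// index run past the end of Path (panic) or land on the wrong segment.
		// NOTE(review): c.FullPath() would give the matched route pattern
		// directly, but only if the routes use the ":id" parameter name that the
		// api table stores — not verifiable from here.
		path := c.Request.URL.Path
		if idSuffixRe.MatchString(path) {
			// The regex guarantees a "/" is present, so LastIndex is >= 0.
			path = path[:strings.LastIndex(path, "/")] + "/:id"
		}

		// Look the endpoint up; an unknown (path, method) pair is rejected
		// rather than allowed, so unregistered routes are never reachable
		// through a non-admin role.
		adminApiDao := dao.AdminApiDao{}
		maps := map[string]interface{}{
			"api_path":   path,
			"api_method": c.Request.Method,
		}
		adminApis, err := adminApiDao.GetAdminApiList(maps)
		if err != nil || len(adminApis) == 0 {
			authAbortBadPath(c)
			return
		}
		// Endpoint registered as not requiring a permission (user and role
		// status have still been validated above).
		if adminApis[0].IsAuth == 0 {
			c.Next()
			return
		}

		// Permission key: method and path joined with a separator so the pair
		// cannot be confused with a different (method, path) concatenation.
		wanted := c.Request.Method + " " + path

		// A lookup error is treated exactly like "no menus bound": deny.
		adminRoleMenuDao := dao.AdminRoleMenuDao{}
		adminRoleMenu, _ := adminRoleMenuDao.GetAdminRoleMenuListByRoleId(roleId)
		if adminRoleMenu == nil {
			authAbortForbidden(c)
			return
		}

		// Walk the menus bound to the role and the apis bound to each menu;
		// the first match grants access. A per-menu lookup error yields no
		// apis for that menu (fail closed), same as the previous behaviour.
		adminMenuApiDao := dao.AdminMenuApiDao{}
		for _, menu := range adminRoleMenu {
			menuApis, _ := adminMenuApiDao.GetAdminMenuApiListWithAPIByMenuID(menu.MenuID)
			for _, bound := range menuApis {
				if bound.API.APIMethod+" "+bound.API.APIPath == wanted {
					c.Next()
					return
				}
			}
		}
		authAbortForbidden(c)
	}
}

// authAbortBadPath rejects a request whose (path, method) is not registered in
// the api table. It keeps the existing wire format: HTTP 200 with a ServerError
// code in the body.
func authAbortBadPath(c *gin.Context) {
	c.JSON(http.StatusOK, gin.H{
		"message": "请求路径错误",
		"code":    consts.ServerError,
		"data":    "",
	})
	c.Abort()
}

// authAbortForbidden rejects a request the role has no permission for.
func authAbortForbidden(c *gin.Context) {
	c.JSON(http.StatusForbidden, gin.H{
		"message": "暂无权限",
		"code":    consts.ClientHttpUnauthorized,
		"data":    "",
	})
	c.Abort()
}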