136 lines
3.2 KiB
Go
136 lines
3.2 KiB
Go
package mop_middleware_auth
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"gitlab.finogeeks.club/finclip-backend/mop-middleware-auth/config"
|
|
"gitlab.finogeeks.club/finclip-backend/mop-middleware-auth/grpc"
|
|
"gitlab.finogeeks.club/finclip-backend/mop-middleware-auth/grpc/pb"
|
|
"gitlab.finogeeks.club/finclip-backend/mop-middleware-auth/logger"
|
|
)
|
|
|
|
type IAuthMiddleware interface {
|
|
CheckPathAuthor(c *gin.Context)
|
|
}
|
|
|
|
type AuthMiddleware struct {
|
|
}
|
|
|
|
func CreateAuthMiddleware(c config.Config) IAuthMiddleware {
|
|
config.SetConfig(c)
|
|
logger.BuildLog(config.GetConfig())
|
|
return AuthMiddleware{}
|
|
}
|
|
|
|
func (a AuthMiddleware) CheckPathAuthor(c *gin.Context) {
|
|
platform := c.GetHeader("url-call")
|
|
if platform == "internal" {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
path := getPathV2(c)
|
|
|
|
logger.GetLogger().Debugln("path-----", path)
|
|
|
|
userId := c.Request.Header.Get("X-Consumer-Custom-ID")
|
|
serviceName := config.GetConfig().ServerName
|
|
ctx := context.Background()
|
|
if userId == "" {
|
|
logger.GetLogger().Errorln("userId is empty")
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
key := fmt.Sprintf("%s:%s:%s", serviceName, userId, path)
|
|
temp, ok := GetMemCache(key)
|
|
var rsp *pb.CheckAuthRsp
|
|
var err error
|
|
if ok {
|
|
rsp = temp.(*pb.CheckAuthRsp)
|
|
}
|
|
|
|
logger.GetLogger().Debugln("CheckPathAuthor cache rsp-----", rsp)
|
|
|
|
if rsp == nil {
|
|
rsp, err = grpc.AuthCheck(ctx, userId, serviceName, path)
|
|
if err != nil {
|
|
logger.GetLogger().Errorln(err)
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
if rsp.Result.Httpcode == http.StatusOK {
|
|
SetMemCacheWithTime(key, rsp, time.Duration(config.GetConfig().ExpireInterval)*time.Minute)
|
|
}
|
|
}
|
|
|
|
if rsp.Result.Httpcode == http.StatusOK {
|
|
if rsp.Data.HasAuthor {
|
|
c.Next()
|
|
return
|
|
} else {
|
|
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
|
|
"error": "author forbidden",
|
|
"errcode": "AUTHOR_FORBIDDEN",
|
|
"data": nil,
|
|
})
|
|
return
|
|
}
|
|
}
|
|
|
|
c.Next()
|
|
return
|
|
|
|
}
|
|
|
|
func getPath(c *gin.Context) string {
|
|
path := c.FullPath()
|
|
logger.GetLogger().Debugln("FullPath-----", path)
|
|
|
|
switch path {
|
|
case "/api/v1/mop/finstore/admin/apps/:path1/:path2/:path3":
|
|
path = "/api/v1/mop/finstore/admin/apps/:appID/sequences/:seqStr"
|
|
case "/api/v1/mop/finstore/dev/apps/:path1/:path2":
|
|
path2 := c.Param("path2")
|
|
if path2 == "inDevelopment" {
|
|
path = "/api/v1/mop/finstore/dev/apps/:appId/inDevelopment"
|
|
}
|
|
case "/api/v1/mop/finstore/dev/apps/:path1":
|
|
path1 := c.Param("path1")
|
|
if path1 == "sequences" {
|
|
path = "/api/v1/mop/finstore/dev/apps/:sequences"
|
|
} else if path1 == "sequences-v2" {
|
|
path = "/api/v1/mop/finstore/dev/apps/:sequences-v2"
|
|
} else if path1 == "inDevelopment" {
|
|
path = "/api/v1/mop/finstore/dev/apps/:inDevelopment"
|
|
} else if path1 == "inDevelopment-v2" {
|
|
//handler.ListAppsInDevelopment(c)
|
|
path = "/api/v1/mop/finstore/dev/apps/:inDevelopment-v2"
|
|
} else {
|
|
path = "/api/v1/mop/finstore/dev/apps/:appId"
|
|
}
|
|
case "/api/v1/mop/mop-applet-build-manager/:organId/:userId/start", "/api/v1/mop/mop-applet-build-manager/:organId/:userId/start-v2":
|
|
path = "/api/v1/mop/mop-applet-build-manager/:organId/:userId/start"
|
|
}
|
|
|
|
if len(path) == 0 {
|
|
return path
|
|
} else {
|
|
return path[1:]
|
|
}
|
|
}
|
|
|
|
func getPathV2(c *gin.Context) string {
|
|
path := c.Request.URL.Path
|
|
if len(path) == 0 {
|
|
return path
|
|
} else {
|
|
return path[1:]
|
|
}
|
|
}
|