go实战全家桶优化goweb实现权限控制
作者:雷建明@芯速配 阅读50 2024/09/29 07:08:21 文章 原创 公开
GO全家桶
编辑
UML
编辑
开源
编辑
控制端
type IrpcCheckAllowed interface {
// 测试开关、是否检查权限,方便测试可以关闭
IfCheckRes() bool
IfCheckSession() bool
// 根据token获取useid的实现
RpcUserIdGetBySession(ctx *gin.Context, token string) (*webdto.WebUserId, error)
// RPC 设置ctx上下文的CooUserID信息的实现
RpcSetUserId(c *gin.Context) //set *webdto.WebUserId
// RPC 获取ctx上下文的CooUserID信息的 实现
RpcGetUserId(ctx *gin.Context) *webdto.WebUserId
//rpc 检查权限的实现
RpcCheckAllowed(ctx context.Context, req *webdto.WebCheckRequest) (*webdto.WebCheckResult, error)
}
应用端
// 应用服务上下文获取信息
type IwebCheckAllowed interface {
SetUserId(c *gin.Context)
GetUserId(ctx *gin.Context) *webdto.WebUserId
CheckToken(c *gin.Context) (int, error)
GetSessionToken(c *gin.Context) (int, *webdto.WebUserId, error)
WebCheckAllowed(c *gin.Context)
}内部WEBSERVER无权限控制
/*
@Title 文件名称: main.go
@Description 描述: 有芯通用索引微服务
@Contact.user raymond
@Author 作者: leijianming@163.com 时间(2024-02-18 22:38:21)
@Update 作者: leijianming@163.com 时间(2024-02-18 22:38:21)
*/
func InjectMiddleware() {
// 注册业务权限rpc接口,FindBeanRpcNocheckRight这个不鉴权,鉴权的rpc在general-common业务服务使用
webcheck.FindBeanWebCheckRight().RegisterIrpc(webcustom.FindBeanRpcNocheckRight())
// 注入业务中间件(webmiddleware.DemoWebMiddleWare())样例,只是打日志
//webcheck.FindBeanWebCheckRight().RegisterMiddlewares(handlerfunc.WebExampleMiddleware())
}
// https://www.jianshu.com/p/982c4fabb11d swagg参数
func StartWeb() {
defer func() {
if r := recover(); r != nil {
goutils.Error("[main] Recovered Error in:", r)
fmt.Println("[main] Recovered Error in:", r)
buf := make([]byte, 4096)
n := runtime.Stack(buf, false)
fmt.Println(string(buf[:n]))
goutils.Error(string(buf[:n]))
}
}()
InjectMiddleware()
goutils.Info("now starting serverNats....")
goperfstat.FindBeanGoperfStat().SetEnable2Out(false)
goperfstat.FindBeanGoperfStat().StartStats()
var config = ichubconfig.FindBeanIchubConfig()
serverDto := config.ReadIchubWebServer()
goutils.Info("serverDto=", serverDto)
var server = webserver.New(serverDto)
var swagger = config.ReadWebSwagger()
//注册服务
goutils.Info("swagger is http://" + swagger.Host + "/swagger/index.html#/")
fmt.Println("serverName ", serverDto.ServerName)
server.StartWebSwagger(router.Swagger, router.Register)
}有权限控制
package webstart
import (
"fmt"
"gitee.com/leijmdas/gobase/goconfig/common/golog"
"gitee.com/leijmdas/gobase/goconfig/common/ichubconfig"
"gitee.com/leijmdas/goplatform/api/goauth/authproxy"
"gitee.com/leijmdas/goplatform/web/server/router"
"gitee.com/leijmdas/goweb/common/webright/webcheck"
"gitee.com/leijmdas/goweb/common/webright/webmiddleware/handlerfunc"
"gitee.com/leijmdas/goweb/common/webserver"
"gitee.com/leijmdas/goweb/domain/service"
"github.com/sirupsen/logrus"
"runtime"
)
/*
@Title 文件名称: websample.go
@Description 描述: 通用引擎微服务
@Contact.user raymond
@Author 作者: leijianming@163.com 时间(2024-02-18 22:38:21)
@Update 作者: leijianming@163.com 时间(2024-02-18 22:38:21)
*/
// https://www.jianshu.com/p/982c4fabb11d swagg参数
func InjectMiddleware() {
// 注册业务权限rpc接口,FindBeanRpcNocheckRight这个不鉴权,鉴权的rpc在general-common业务服务使用
//webcheck.FindBeanWebCheckRight().RegisterIrpc(webcustom.FindBeanRpcCheckRight())
webcheck.FindBeanWebCheckRight().RegisterIrpc(authproxy.FindBeanAuthProxy())
// 注入业务中间件(webmiddleware.DemoWebMiddleWare())样例,只是打日志
webcheck.FindBeanWebCheckRight().RegisterMiddlewares(handlerfunc.WebExampleMiddleware())
}
func StartWeb() {
defer func() {
if r := recover(); r != nil {
golog.Error("[main] Recovered Error in:", r)
fmt.Println("[main] Recovered Error in:", r)
buf := make([]byte, 4096)
n := runtime.Stack(buf, false)
//fmt.Println(string(buf[:n]))
golog.Error(string(buf[:n]))
}
}()
InjectMiddleware()
service.Init()
var config = ichubconfig.FindBeanIchubConfig()
serverDto := config.ReadWebServer()
golog.Info("serverDto=", serverDto)
var server = webserver.New(serverDto)
logrus.Info("http://localhost:88/swagger/index.html#/")
//注册服务
server.StartWebSwagger(router.Swagger, router.Register)
}
// go get -u -v github.com/swaggo/gin-swagger//go get -u -v github.com/swaggo/files
// go get -u -v github.com/alecthomas/template控制端实现
package authproxy
import (
"context"
"errors"
"gitee.com/leijmdas/gobase/goconfig/common/base/goutils"
"gitee.com/leijmdas/gobase/goconfig/common/golog"
"gitee.com/leijmdas/goplatform/api/goauth"
"gitee.com/leijmdas/goweb/common/webright/webcheck/webcustom"
"gitee.com/leijmdas/goweb/common/webright/webconsts"
"gitee.com/leijmdas/goweb/common/webright/webdto"
"github.com/gin-gonic/gin"
)
type AuthProxy struct {
*webcustom.RpcCheckRight
}
func NewAuthProxy() *AuthProxy {
return &AuthProxy{
RpcCheckRight: webcustom.NewRpcCheckRight(),
}
}
func (r AuthProxy) RpcUserIdGetBySession(c *gin.Context, token string) (*webdto.WebUserId, error) {
var apiUserResult = goauth.FindBeanauthApiService().Auth(token)
if !apiUserResult.IsSuccess() {
return nil, errors.New(apiUserResult.Msg)
}
var webuser = webdto.NewWebUserId()
webuser.ApiUserResult = apiUserResult.Data
return webuser, nil
}
func (r AuthProxy) RpcSetUserId(c *gin.Context) {
token := c.GetHeader(webconsts.AccessToken)
if token == "" {
goutils.Error("toke is empty!")
return
}
var webuser, err = r.RpcUserIdGetBySession(c, token)
if err != nil {
golog.Error(err)
return
}
webdto.SetUserId(c, webuser)
}
func (r AuthProxy) RpcGetUserId(c *gin.Context) *webdto.WebUserId {
return webdto.GetUserId(c)
}
func (r AuthProxy) RpcCheckAllowed(c context.Context, req *webdto.WebCheckRequest) (*webdto.WebCheckResult, error) {
token := c.(*gin.Context).GetHeader(webconsts.AccessToken)
if token == "" {
goutils.Error("toke is empty!")
return nil, errors.New("token is empty")
}
var webuser, err = r.RpcUserIdGetBySession(c.(*gin.Context), token)
if err != nil {
golog.Error(err)
return nil, err
}
// 还要增加接口权限 判断url是否有权限
var result = webdto.NewWebCheckResult()
result.Allowed = true
result.ApiUserResult = webuser.ApiUserResult
return result, nil
}
func (r AuthProxy) IfCheckRes() bool {
return true
}
func (self *AuthProxy) IfCheckSession() bool {
return true
}注入业务中间件
// 注入业务中间件(webmiddleware.DemoWebMiddleWare())样例,只是打日志 webcheck.FindBeanWebCheckRight().RegisterMiddlewares(handlerfunc.WebExampleMiddleware())
编辑
func (this *WebRouters) InstallMiddleWare(router *gin.Engine) *gin.Engine {
router.Use(webmiddlewares.CheckSessionToken(), webmiddlewares.CheckAllowed())
router.Use(webmiddlewares.WebMiddleware()...)
//router.Use(gin.)
router.Use(middleware.RequestID(), middleware.Context(), gin.Recovery(), middleware.Cors())
//router.Use(gin.Logger(),gindump.Dump())
router.Use(gzip.Gzip(gzip.DefaultCompression))
this.AddRouter(router)
return router
}声明:本网站部分内容来源于网络,版权归原权利人所有,其观点不代表本网站立场;本网站视频或图片制作权归当前商户及其作者,涉及未经授权的制作均须标记“样稿”。如内容侵犯了您相关权利,请及时通过邮箱service@ichub.com与我们联系。
验证