hotgo/server/internal/logic/middleware/admin_auth.go

// Package middleware
// @Link  https://github.com/bufanyun/hotgo
// @Copyright  Copyright (c) 2023 HotGo CLI
// @Author  Ms <133814250@qq.com>
// @License  https://github.com/bufanyun/hotgo/blob/master/LICENSE
package middleware

import (
	"github.com/gogf/gf/v2/errors/gcode"
	"github.com/gogf/gf/v2/frame/g"
	"github.com/gogf/gf/v2/net/ghttp"
	"github.com/gogf/gf/v2/text/gstr"
	"hotgo/internal/consts"
	"hotgo/internal/library/contexts"
	"hotgo/internal/library/response"
	"hotgo/internal/service"
)

// AdminAuth 后台鉴权中间件
func (s *sMiddleware) AdminAuth(r *ghttp.Request) {
	var (
		ctx    = r.Context()
		prefix = g.Cfg().MustGet(ctx, "router.admin.prefix", "/admin").String()
		path   = gstr.Replace(r.URL.Path, prefix, "", 1)
	)

	// 不需要验证登录的路由地址
	if isExceptLogin(ctx, consts.AppAdmin, path) {
		r.Middleware.Next()
		return
	}

	// 将用户信息传递到上下文中
	if err := deliverUserContext(r); err != nil {
		response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
		return
	}

	// 不需要验证权限的路由地址
	if isExceptAuth(ctx, consts.AppAdmin, path) {
		r.Middleware.Next()
		return
	}

	// 验证路由访问权限
	if !service.AdminRole().Verify(ctx, path, r.Method) {
		g.Log().Debugf(ctx, "AdminAuth fail path:%+v, GetRoleKey:%+v, r.Method:%+v", path, contexts.GetRoleKey(ctx), r.Method)
		response.JsonExit(r, gcode.CodeSecurityReason.Code(), "你没有访问权限！")
		return
	}

	r.Middleware.Next()
}
v2.0 2022-11-24 23:37:34 +08:00			`// Package middleware`
			`// @Link https://github.com/bufanyun/hotgo`
发布v2.2.10版本，更新内容请查看：https://github.com/bufanyun/hotgo/tree/v2.0/docs/guide-zh-CN/addon-version-upgrade.md 2023-02-23 17:53:04 +08:00			`// @Copyright Copyright (c) 2023 HotGo CLI`
v2.0 2022-11-24 23:37:34 +08:00			`// @Author Ms <133814250@qq.com>`
			`// @License https://github.com/bufanyun/hotgo/blob/master/LICENSE`
			`package middleware`

			`import (`
			`"github.com/gogf/gf/v2/errors/gcode"`
			`"github.com/gogf/gf/v2/frame/g"`
			`"github.com/gogf/gf/v2/net/ghttp"`
			`"github.com/gogf/gf/v2/text/gstr"`
			`"hotgo/internal/consts"`
			`"hotgo/internal/library/contexts"`
			`"hotgo/internal/library/response"`
			`"hotgo/internal/service"`
			`)`

			`// AdminAuth 后台鉴权中间件`
			`func (s sMiddleware) AdminAuth(r ghttp.Request) {`
发布v2.6.10版本，更新内容请查看：https://github.com/bufanyun/hotgo/blob/v2.0/docs/guide-zh-CN/start-update-log.md 2023-05-12 16:20:22 +08:00			`var (`
			`ctx = r.Context()`
			`prefix = g.Cfg().MustGet(ctx, "router.admin.prefix", "/admin").String()`
			`path = gstr.Replace(r.URL.Path, prefix, "", 1)`
			`)`
v2.0 2022-11-24 23:37:34 +08:00
发布v2.6.10版本，更新内容请查看：https://github.com/bufanyun/hotgo/blob/v2.0/docs/guide-zh-CN/start-update-log.md 2023-05-12 16:20:22 +08:00			`// 不需要验证登录的路由地址`
			`if isExceptLogin(ctx, consts.AppAdmin, path) {`
v2.0 2022-11-24 23:37:34 +08:00			`r.Middleware.Next()`
			`return`
			`}`

发布v2.6.10版本，更新内容请查看：https://github.com/bufanyun/hotgo/blob/v2.0/docs/guide-zh-CN/start-update-log.md 2023-05-12 16:20:22 +08:00			`// 将用户信息传递到上下文中`
			`if err := deliverUserContext(r); err != nil {`
v2.0 2022-11-24 23:37:34 +08:00			`response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())`
			`return`
			`}`

发布v2.6.10版本，更新内容请查看：https://github.com/bufanyun/hotgo/blob/v2.0/docs/guide-zh-CN/start-update-log.md 2023-05-12 16:20:22 +08:00			`// 不需要验证权限的路由地址`
			`if isExceptAuth(ctx, consts.AppAdmin, path) {`
			`r.Middleware.Next()`
			`return`
			`}`

v2.0 2022-11-24 23:37:34 +08:00			`// 验证路由访问权限`
			`if !service.AdminRole().Verify(ctx, path, r.Method) {`
版本预发布 2023-02-08 20:29:34 +08:00			`g.Log().Debugf(ctx, "AdminAuth fail path:%+v, GetRoleKey:%+v, r.Method:%+v", path, contexts.GetRoleKey(ctx), r.Method)`
v2.0 2022-11-24 23:37:34 +08:00			`response.JsonExit(r, gcode.CodeSecurityReason.Code(), "你没有访问权限！")`
			`return`
			`}`

			`r.Middleware.Next()`
			`}`