go实战全家桶优化goweb实现权限控制

leijmdas 2024-10-20 08:03:01 阅读 91

GO全家桶

UML

开源

water/goweb

控制端

type IrpcCheckAllowed interface {

    // 测试开关、是否检查权限,方便测试可以关闭

    IfCheckRes() bool

    IfCheckSession() bool

    // 根据token获取useid的实现

    RpcUserIdGetBySession(ctx *gin.Context, token string) (*webdto.WebUserId, error)

    // RPC 设置ctx上下文的CooUserID信息的实现

    RpcSetUserId(c *gin.Context) //set *webdto.WebUserId

    // RPC 获取ctx上下文的CooUserID信息的 实现

    RpcGetUserId(ctx *gin.Context) *webdto.WebUserId

    //rpc 检查权限的实现

    RpcCheckAllowed(ctx context.Context, req *webdto.WebCheckRequest) (*webdto.WebCheckResult, error)

}

应用端

// 应用服务上下文获取信息

type IwebCheckAllowed interface {

SetUserId(c *gin.Context)

GetUserId(ctx *gin.Context) *webdto.WebUserId

CheckToken(c *gin.Context) (int, error)

GetSessionToken(c *gin.Context) (int, *webdto.WebUserId, error)

WebCheckAllowed(c *gin.Context)

}

内部WEBSERVER无权限控制

/*

@Title 文件名称: main.go

@Description 描述: 有芯通用索引微服务

@Contact.user raymond

@Author 作者: leijianming@163.com 时间(2024-02-18 22:38:21)

@Update 作者: leijianming@163.com 时间(2024-02-18 22:38:21)

*/

func InjectMiddleware() {

// 注册业务权限rpc接口,FindBeanRpcNocheckRight这个不鉴权,鉴权的rpc在general-common业务服务使用

webcheck.FindBeanWebCheckRight().RegisterIrpc(webcustom.FindBeanRpcNocheckRight())

// 注入业务中间件(webmiddleware.DemoWebMiddleWare())样例,只是打日志

//webcheck.FindBeanWebCheckRight().RegisterMiddlewares(handlerfunc.WebExampleMiddleware())

}

// https://www.jianshu.com/p/982c4fabb11d swagg参数

func StartWeb() {

defer func() {

if r := recover(); r != nil {

goutils.Error("[main] Recovered Error in:", r)

fmt.Println("[main] Recovered Error in:", r)

buf := make([]byte, 4096)

n := runtime.Stack(buf, false)

fmt.Println(string(buf[:n]))

goutils.Error(string(buf[:n]))

}

}()

InjectMiddleware()

goutils.Info("now starting serverNats....")

goperfstat.FindBeanGoperfStat().SetEnable2Out(false)

goperfstat.FindBeanGoperfStat().StartStats()

var config = ichubconfig.FindBeanIchubConfig()

serverDto := config.ReadIchubWebServer()

goutils.Info("serverDto=", serverDto)

var server = webserver.New(serverDto)

var swagger = config.ReadWebSwagger()

//注册服务

goutils.Info("swagger is http://" + swagger.Host + "/swagger/index.html#/")

fmt.Println("serverName ", serverDto.ServerName)

server.StartWebSwagger(router.Swagger, router.Register)

}

有权限控制

package webstart

import (

"fmt"

"gitee.com/leijmdas/gobase/goconfig/common/golog"

"gitee.com/leijmdas/gobase/goconfig/common/ichubconfig"

"gitee.com/leijmdas/goplatform/api/goauth/authproxy"

"gitee.com/leijmdas/goplatform/web/server/router"

"gitee.com/leijmdas/goweb/common/webright/webcheck"

"gitee.com/leijmdas/goweb/common/webright/webmiddleware/handlerfunc"

"gitee.com/leijmdas/goweb/common/webserver"

"gitee.com/leijmdas/goweb/domain/service"

"github.com/sirupsen/logrus"

"runtime"

)

/*

@Title 文件名称: websample.go

@Description 描述: 通用引擎微服务

@Contact.user raymond

@Author 作者: leijianming@163.com 时间(2024-02-18 22:38:21)

@Update 作者: leijianming@163.com 时间(2024-02-18 22:38:21)

*/

// https://www.jianshu.com/p/982c4fabb11d swagg参数

func InjectMiddleware() {

// 注册业务权限rpc接口,FindBeanRpcNocheckRight这个不鉴权,鉴权的rpc在general-common业务服务使用

//webcheck.FindBeanWebCheckRight().RegisterIrpc(webcustom.FindBeanRpcCheckRight())

webcheck.FindBeanWebCheckRight().RegisterIrpc(authproxy.FindBeanAuthProxy())

// 注入业务中间件(webmiddleware.DemoWebMiddleWare())样例,只是打日志

webcheck.FindBeanWebCheckRight().RegisterMiddlewares(handlerfunc.WebExampleMiddleware())

}

func StartWeb() {

defer func() {

if r := recover(); r != nil {

golog.Error("[main] Recovered Error in:", r)

fmt.Println("[main] Recovered Error in:", r)

buf := make([]byte, 4096)

n := runtime.Stack(buf, false)

//fmt.Println(string(buf[:n]))

golog.Error(string(buf[:n]))

}

}()

InjectMiddleware()

service.Init()

var config = ichubconfig.FindBeanIchubConfig()

serverDto := config.ReadWebServer()

golog.Info("serverDto=", serverDto)

var server = webserver.New(serverDto)

logrus.Info("http://localhost:88/swagger/index.html#/")

//注册服务

server.StartWebSwagger(router.Swagger, router.Register)

}

// go get -u -v github.com/swaggo/gin-swagger//go get -u -v github.com/swaggo/files

// go get -u -v github.com/alecthomas/template

控制端实现

package authproxy

import (

"context"

"errors"

"gitee.com/leijmdas/gobase/goconfig/common/base/goutils"

"gitee.com/leijmdas/gobase/goconfig/common/golog"

"gitee.com/leijmdas/goplatform/api/goauth"

"gitee.com/leijmdas/goweb/common/webright/webcheck/webcustom"

"gitee.com/leijmdas/goweb/common/webright/webconsts"

"gitee.com/leijmdas/goweb/common/webright/webdto"

"github.com/gin-gonic/gin"

)

type AuthProxy struct {

*webcustom.RpcCheckRight

}

func NewAuthProxy() *AuthProxy {

return &AuthProxy{

RpcCheckRight: webcustom.NewRpcCheckRight(),

}

}

func (r AuthProxy) RpcUserIdGetBySession(c *gin.Context, token string) (*webdto.WebUserId, error) {

var apiUserResult = goauth.FindBeanauthApiService().Auth(token)

if !apiUserResult.IsSuccess() {

return nil, errors.New(apiUserResult.Msg)

}

var webuser = webdto.NewWebUserId()

webuser.ApiUserResult = apiUserResult.Data

return webuser, nil

}

func (r AuthProxy) RpcSetUserId(c *gin.Context) {

token := c.GetHeader(webconsts.AccessToken)

if token == "" {

goutils.Error("toke is empty!")

return

}

var webuser, err = r.RpcUserIdGetBySession(c, token)

if err != nil {

golog.Error(err)

return

}

webdto.SetUserId(c, webuser)

}

func (r AuthProxy) RpcGetUserId(c *gin.Context) *webdto.WebUserId {

return webdto.GetUserId(c)

}

func (r AuthProxy) RpcCheckAllowed(c context.Context, req *webdto.WebCheckRequest) (*webdto.WebCheckResult, error) {

token := c.(*gin.Context).GetHeader(webconsts.AccessToken)

if token == "" {

goutils.Error("toke is empty!")

return nil, errors.New("token is empty")

}

var webuser, err = r.RpcUserIdGetBySession(c.(*gin.Context), token)

if err != nil {

golog.Error(err)

return nil, err

}

// 还要增加接口权限 判断url是否有权限

var result = webdto.NewWebCheckResult()

result.Allowed = true

result.ApiUserResult = webuser.ApiUserResult

return result, nil

}

func (r AuthProxy) IfCheckRes() bool {

return true

}

func (self *AuthProxy) IfCheckSession() bool {

return true

}

注入业务中间件

// 注入业务中间件(webmiddleware.DemoWebMiddleWare())样例,只是打日志

webcheck.FindBeanWebCheckRight().RegisterMiddlewares(handlerfunc.WebExampleMiddleware())

func (this *WebRouters) InstallMiddleWare(router *gin.Engine) *gin.Engine {

router.Use(webmiddlewares.CheckSessionToken(), webmiddlewares.CheckAllowed())

router.Use(webmiddlewares.WebMiddleware()...)

//router.Use(gin.)

router.Use(middleware.RequestID(), middleware.Context(), gin.Recovery(), middleware.Cors())

//router.Use(gin.Logger(),gindump.Dump())

router.Use(gzip.Gzip(gzip.DefaultCompression))

this.AddRouter(router)

return router

}



声明

本文内容仅代表作者观点,或转载于其他网站,本站不以此文作为商业用途
如有涉及侵权,请联系本站进行删除
转载本站原创文章,请注明来源及作者。