diff --git a/go.sum b/go.sum index 90df903..e0bfcbf 100644 --- a/go.sum +++ b/go.sum @@ -197,6 +197,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= diff --git a/internal/biz/user.go b/internal/biz/user.go index 096ce80..4a74d95 100644 --- a/internal/biz/user.go +++ b/internal/biz/user.go @@ -23,7 +23,6 @@ const ( UserRoleInvalid uint8 = iota UserRoleGuest UserRoleRegisterUser - UserRoleLecturer UserRoleSuperAdmin ) const ( diff --git a/internal/conf/conf.pb.go b/internal/conf/conf.pb.go index fa21976..146ca12 100644 --- a/internal/conf/conf.pb.go +++ b/internal/conf/conf.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.31.0 -// protoc v4.24.3 +// protoc v3.19.6 // source: conf/conf.proto package conf diff --git a/internal/server/auth.go b/internal/server/auth.go index ae44555..55ceedb 100644 --- a/internal/server/auth.go +++ b/internal/server/auth.go 
@@ -19,8 +19,12 @@ func Auth() middleware.Middleware {
 if claims, err := jwt.VerifyToken(token); err == nil {
 ctx = context.WithValue(ctx, "user_id", claims.UserID)
 ctx = context.WithValue(ctx, "role_id", claims.RoleID)
+ } else {
+ return "token is invalid", err
 }
-
+ } else {
+ // 如果token为空则设置角色id为uint8(1),表示未登录访客
+ ctx = context.WithValue(ctx, "role_id", uint8(1))
 }
 }
 return handler(ctx, req)
diff --git a/internal/server/http.go b/internal/server/http.go
index 0548900..047b8bb 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -29,6 +29,7 @@ func NewHTTPServer(c *conf.Server, g *conf.Gin, d *conf.Data, greeter *service.K
 Auth(),
 logging.Server(logger),
 validate.Validator(),
+ Privilege(),
 ),
 }
diff --git a/internal/server/privilege.go b/internal/server/privilege.go
new file mode 100644
index 0000000..2e945e6
--- /dev/null
+++ b/internal/server/privilege.go
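Review bot: The guest branch stores the role as a bare literal, `uint8(1)`, instead of the named constant, and this same commit renumbers part of the role constant block in internal/biz/user.go, which shows how easily the literal can drift from the value `Privilege()` switches on. Writing `ctx = context.WithValue(ctx, "role_id", biz.UserRoleGuest)` keeps the two in step and still stores a `uint8`; whether auth.go already imports `biz` is not visible in the hunk. The added `return "token is invalid", err` passes the verifier's error straight back to the caller, which may expose parsing detail, so a fixed error with the detail logged server-side would be safer. `Auth()` begins and ends outside the hunk.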
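Review bot: `Privilege()` is appended after `validate.Validator()`, so, assuming the chain runs in the listed order, a caller with no permission for an operation still has the request body validated, and can receive validation errors, before being refused. Authorization belongs directly after authentication: move `Privilege(),` to the line following `Auth(),`. If the service also registers a gRPC server, it would need the same middleware or the permission table can be bypassed over that transport; no such file is part of this diff. `NewHTTPServer` continues outside the hunk, so any middleware listed before `Auth()` is not visible here.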
@@ -0,0 +1,84 @@
+package server
+
+import (
+ "context"
+ "errors"
+
+ "github.com/go-kratos/kratos/v2/log"
+ "github.com/go-kratos/kratos/v2/middleware"
+ "github.com/go-kratos/kratos/v2/transport"
+
+ pb "kubecit-service/api/helloworld/v1"
+ "kubecit-service/internal/biz"
+)
+
+func Privilege() middleware.Middleware {
+ return func(handler middleware.Handler) middleware.Handler {
+ return func(ctx context.Context, req interface{}) (reply interface{}, err error) {
+ if tmp := ctx.Value("role_id"); tmp != nil {
+ roleID := tmp.(uint8)
+ log.Debugf("current role_id: %v\n", roleID)
+ switch roleID {
+ case biz.UserRoleGuest, biz.UserRoleRegisterUser:
+ if tr, ok := transport.FromServerContext(ctx); ok {
+ if _, exist := RolePrivileges[roleID][tr.Operation()]; exist {
+ return handler(ctx, req)
+ }
+ }
+ case biz.UserRoleSuperAdmin:
+ return handler(ctx, req)
+ }
+
+ if tr, ok := transport.FromServerContext(ctx); ok {
+ if _, exist := RolePrivileges[roleID][tr.Operation()]; exist {
+ return handler(ctx, req)
+ }
+ }
+ }
+ return "not enough privileges", errors.New("not enough privileges")
+ }
+ }
+}
+
+var RolePrivileges map[uint8]map[string]struct{}
+
+func init() {
+ RolePrivileges = make(map[uint8]map[string]struct{})
+ // Role Guest
+ RolePrivileges[biz.UserRoleGuest] = map[string]struct{}{
+ pb.OperationKubecitSystemSettings: {},
+ pb.OperationKubecitSearchCourse: {},
+ pb.OperationKubecitRegisterUsername: {},
+ pb.OperationKubecitMostNew: {},
+ pb.OperationKubecitLoginByJson: {},
+ pb.OperationKubecitGetSlider: {},
+ pb.OperationKubecitGetTeacher: {},
+ pb.OperationKubecitListAllTeacher: {},
+ pb.OperationKubecitListSlidersByPriority: {},
+ pb.OperationKubecitListCategory: {},
+ pb.OperationKubecitListCategoryV2: {},
+ pb.OperationKubecitListLessons: {},
+ pb.OperationKubecitGetCourse: {},
+ }
+ // Role RegisterUser
+ RolePrivileges[biz.UserRoleRegisterUser] = map[string]struct{}{
+ pb.OperationKubecitSystemSettings: {},
+ pb.OperationKubecitSearchCourse: {},
+ pb.OperationKubecitRegisterUsername: {},
+ pb.OperationKubecitMostNew: {},
+ pb.OperationKubecitLoginByJson: {},
+ pb.OperationKubecitGetSlider: {},
+ pb.OperationKubecitGetTeacher: {},
+ pb.OperationKubecitListAllTeacher: {},
+ pb.OperationKubecitListCategory: {},
+ pb.OperationKubecitListCategoryV2: {},
+ pb.OperationKubecitListLessons: {},
+ pb.OperationKubecitGetCourse: {},
+ pb.OperationKubecitGetInfo: {},
+ pb.OperationKubecitMyOrderList: {},
+ pb.OperationKubecitCreateOrder: {},
+ pb.OperationKubecitWalletBalance: {},
+ }
+ // Role Admin
+ RolePrivileges[biz.UserRoleSuperAdmin] = map[string]struct{}{}
+}
diff --git a/internal/service/course.go b/internal/service/course.go
index 40fb18a..b2d3359 100644
--- a/internal/service/course.go
+++ b/internal/service/course.go
@@ -86,7 +86,7 @@ func (s *KubecitService) UpdateCourse(ctx context.Context, req *pb.UpdateCourseR
 user, err := s.userUseCase.CurrentUserInfo(ctx)
 if err != nil {
 return nil, err
- } else if uint8(user.RoleId) < biz.UserRoleLecturer {
+ } else if uint8(user.RoleId) < biz.UserRoleSuperAdmin {
 return nil, errors.New("not enough privileges")
 }
 course := &biz.Course{
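Review bot: The inner closure reads the role with an unchecked assertion, `roleID := tmp.(uint8)`, on a value that internal/server/auth.go copies from the token claims; the type of `claims.RoleID` is not visible here, and if it is ever anything other than `uint8` the middleware panics on authenticated requests instead of denying them. A comma-ok assertion that falls into the deny path keeps the check fail-closed, and the lookup after the `switch` can then be dropped, since it repeats the guest/registered-user lookup and cannot match for a role with no table entry. The registered-user set also omits `pb.OperationKubecitListSlidersByPriority`, which the guest set allows, so logging in appears to remove access to that operation; worth confirming that this is intended. `RolePrivileges` is an exported, mutable package variable, so any importing package could widen a role's permissions at runtime; an unexported name would prevent that.

```go
// … unchanged: package clause, imports, Privilege() and the outer closure header …
		return func(ctx context.Context, req interface{}) (reply interface{}, err error) {
			// Deny by default: a missing or mistyped role_id counts as no role.
			roleID, ok := ctx.Value("role_id").(uint8)
			if !ok {
				return "not enough privileges", errors.New("not enough privileges")
			}
			log.Debugf("current role_id: %v\n", roleID)
			if roleID == biz.UserRoleSuperAdmin {
				return handler(ctx, req)
			}
			// A role without a table entry yields a nil map, so the lookup denies it.
			if tr, ok := transport.FromServerContext(ctx); ok {
				if _, allowed := RolePrivileges[roleID][tr.Operation()]; allowed {
					return handler(ctx, req)
				}
			}
			return "not enough privileges", errors.New("not enough privileges")
		}
// … unchanged: closing braces, RolePrivileges declaration and init() …
```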
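Review bot: Removing `UserRoleLecturer` from the iota block in internal/biz/user.go moves `biz.UserRoleSuperAdmin` down by one (from 4 to 3 if `UserRoleInvalid` is the first entry), so the comparison on the changed line, and the `case biz.UserRoleSuperAdmin` branch in internal/server/privilege.go, now accept the number that used to mean lecturer. Any stored user record or unexpired token that still carries the old lecturer value would be treated as super admin; whether such data exists is not visible in this diff. Keeping the slot reserved avoids the shift, for example `_ // reserved: formerly UserRoleLecturer` in place of the removed constant, or the roles can be given explicit values. Since only one role may pass now, `uint8(user.RoleId) != biz.UserRoleSuperAdmin` states the intent more exactly than `<`. `UpdateCourse` starts and ends outside the hunk.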