From a169bc326876459b81ff4b163a0981b98cf393e8 Mon Sep 17 00:00:00 2001 From: lbzs <627062293@qq.com> Date: Tue, 26 Sep 2023 12:58:41 +0800 Subject: [PATCH 1/2] simple privilege --- go.sum | 2 + internal/conf/conf.pb.go | 2 +- internal/server/auth.go | 6 +- internal/server/http.go | 1 + internal/server/privilege.go | 129 +++++++++++++++++++++++++++++++++++ 5 files changed, 138 insertions(+), 2 deletions(-) create mode 100644 internal/server/privilege.go diff --git a/go.sum b/go.sum index 90df903..e0bfcbf 100644 --- a/go.sum +++ b/go.sum @@ -197,6 +197,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= diff --git a/internal/conf/conf.pb.go b/internal/conf/conf.pb.go index fa21976..146ca12 100644 --- a/internal/conf/conf.pb.go +++ b/internal/conf/conf.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.31.0 -// protoc v4.24.3 +// protoc v3.19.6 // source: conf/conf.proto package conf diff --git a/internal/server/auth.go b/internal/server/auth.go index ae44555..55ceedb 100644 --- a/internal/server/auth.go +++ b/internal/server/auth.go 
@@ -19,8 +19,12 @@ func Auth() middleware.Middleware {
 if claims, err := jwt.VerifyToken(token); err == nil {
 ctx = context.WithValue(ctx, "user_id", claims.UserID)
 ctx = context.WithValue(ctx, "role_id", claims.RoleID)
+ } else {
+ return "token is invalid", err
 }
-
+ } else {
+ // 如果token为空则设置角色id为uint8(1),表示未登录访客
+ ctx = context.WithValue(ctx, "role_id", uint8(1))
 }
 }
 return handler(ctx, req)
diff --git a/internal/server/http.go b/internal/server/http.go
index 0548900..047b8bb 100644
--- a/internal/server/http.go
+++ b/internal/server/http.go
@@ -29,6 +29,7 @@ func NewHTTPServer(c *conf.Server, g *conf.Gin, d *conf.Data, greeter *service.K
 Auth(),
 logging.Server(logger),
 validate.Validator(),
+ Privilege(),
 ),
 }
diff --git a/internal/server/privilege.go b/internal/server/privilege.go
new file mode 100644
index 0000000..a3018c7
--- /dev/null
+++ b/internal/server/privilege.go
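Review bot: The new invalid-token branch in Auth returns the raw `jwt.VerifyToken` error together with a string as the reply value, so the caller receives whatever detail the JWT library puts in its message and, since the error carries no status code, probably a generic 500 rather than a 401. A typed error keeps the response uniform, for example `return nil, errors.Unauthorized("UNAUTHORIZED", "token is invalid")` using the kratos errors package. In the empty-token branch `uint8(1)` is a magic number that must stay in step with the role constants in internal/biz; `biz.UserRoleGuest` states the same thing by name, with a comment such as `// no token: treat the caller as an unauthenticated guest`. The enclosing closure starts and ends outside this hunk.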
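Review bot: `Privilege()` is appended after `validate.Validator()`, so in this chain request validation runs before the authorization decision and an under-privileged caller can receive field-level validation errors for an operation it may not call. Moving it ahead of validation while keeping it inside the logging middleware, `Auth(), logging.Server(logger), Privilege(), validate.Validator(),`, rejects such requests first and still leaves every denial in the request log. Only the HTTP server's middleware list is visible here; if the service also registers a gRPC server, it presumably needs the same middleware. NewHTTPServer continues outside the hunk.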
@@ -0,0 +1,129 @@
+package server
+
+import (
+ "context"
+ "errors"
+ "github.com/go-kratos/kratos/v2/log"
+ "github.com/go-kratos/kratos/v2/transport"
+ pb "kubecit-service/api/helloworld/v1"
+
+ "github.com/go-kratos/kratos/v2/middleware"
+)
+
+type UserRole string
+
+func Privilege() middleware.Middleware {
+ return func(handler middleware.Handler) middleware.Handler {
+ return func(ctx context.Context, req interface{}) (reply interface{}, err error) {
+ if tmp := ctx.Value("role_id"); tmp != nil {
+ roleID := int(tmp.(uint8))
+ log.Debugf("current role_id: %v\n", roleID)
+ if tr, ok := transport.FromServerContext(ctx); ok {
+ if _, exist := RolePrivileges[roleID][tr.Operation()]; exist {
+ return handler(ctx, req)
+ }
+ }
+ }
+ return "not enough privileges", errors.New("not enough privileges")
+ }
+ }
+}
+
+var RolePrivileges map[int]map[string]struct{}
+
+func init() {
+ RolePrivileges = make(map[int]map[string]struct{})
+ // Role Guest
+ RolePrivileges[1] = map[string]struct{}{
+ pb.OperationKubecitSystemSettings: {},
+ pb.OperationKubecitSearchCourse: {},
+ pb.OperationKubecitRegisterUsername: {},
+ pb.OperationKubecitMostNew: {},
+ pb.OperationKubecitLoginByJson: {},
+ pb.OperationKubecitGetSlider: {},
+ pb.OperationKubecitGetTeacher: {},
+ pb.OperationKubecitListAllTeacher: {},
+ pb.OperationKubecitListSlidersByPriority: {},
+ pb.OperationKubecitListCategory: {},
+ pb.OperationKubecitListCategoryV2: {},
+ pb.OperationKubecitListLessons: {},
+ pb.OperationKubecitGetCourse: {},
+ }
+ // Role RegisterUser
+ RolePrivileges[2] = map[string]struct{}{
+ pb.OperationKubecitSystemSettings: {},
+ pb.OperationKubecitSearchCourse: {},
+ pb.OperationKubecitRegisterUsername: {},
+ pb.OperationKubecitMostNew: {},
+ pb.OperationKubecitLoginByJson: {},
+ pb.OperationKubecitGetSlider: {},
+ pb.OperationKubecitGetTeacher: {},
+ pb.OperationKubecitListAllTeacher: {},
+ pb.OperationKubecitListCategory: {},
+ pb.OperationKubecitListCategoryV2: {},
+ pb.OperationKubecitListLessons: {},
+ pb.OperationKubecitGetCourse: {},
+ pb.OperationKubecitGetInfo: {},
+ pb.OperationKubecitMyOrderList: {},
+ pb.OperationKubecitCreateOrder: {},
+ pb.OperationKubecitWalletBalance: {},
+ }
+ // Role Lecturer
+ RolePrivileges[3] = map[string]struct{}{
+ pb.OperationKubecitSystemSettings: {},
+ pb.OperationKubecitSearchCourse: {},
+ pb.OperationKubecitRegisterUsername: {},
+ pb.OperationKubecitMostNew: {},
+ pb.OperationKubecitLoginByJson: {},
+ pb.OperationKubecitGetSlider: {},
+ pb.OperationKubecitGetTeacher: {},
+ pb.OperationKubecitListAllTeacher: {},
+ pb.OperationKubecitListCategory: {},
+ pb.OperationKubecitListCategoryV2: {},
+ pb.OperationKubecitListLessons: {},
+ pb.OperationKubecitGetCourse: {},
+ pb.OperationKubecitGetInfo: {},
+ pb.OperationKubecitMyOrderList: {},
+ pb.OperationKubecitCreateOrder: {},
+ pb.OperationKubecitWalletBalance: {},
+ }
+ // Role Admin
+ RolePrivileges[4] = map[string]struct{}{
+ pb.OperationKubecitCreateCategory: {},
+ pb.OperationKubecitCreateChapter: {},
+ pb.OperationKubecitCreateCourse: {},
+ pb.OperationKubecitCreateLesson: {},
+ pb.OperationKubecitCreateOrder: {},
+ pb.OperationKubecitCreateSlider: {},
+ pb.OperationKubecitCreateTeacher: {},
+ pb.OperationKubecitDeleteCategory: {},
+ pb.OperationKubecitDeleteChapter: {},
+ pb.OperationKubecitDeleteCourse: {},
+ pb.OperationKubecitDeleteLesson: {},
+ pb.OperationKubecitDeleteSlider: {},
+ pb.OperationKubecitGetCourse: {},
+ pb.OperationKubecitGetInfo: {},
+ pb.OperationKubecitGetSlider: {},
+ pb.OperationKubecitGetTeacher: {},
+ pb.OperationKubecitListAllTeacher: {},
+ pb.OperationKubecitListCategory: {},
+ pb.OperationKubecitListCategoryV2: {},
+ pb.OperationKubecitListLessons: {},
+ pb.OperationKubecitListSlidersByPriority: {},
+ pb.OperationKubecitLoginByJson: {},
+ pb.OperationKubecitMostNew: {},
+ pb.OperationKubecitMyOrderList: {},
+ pb.OperationKubecitRechargeWallet: {},
+ pb.OperationKubecitRegisterUsername: {},
+ pb.OperationKubecitReviewCourse: {},
+ pb.OperationKubecitSearchCourse: {},
+ pb.OperationKubecitSystemSettings: {},
+ pb.OperationKubecitUpdateCategory: {},
+ pb.OperationKubecitUpdateChapter: {},
+ pb.OperationKubecitUpdateCourse: {},
+ pb.OperationKubecitUpdateLesson: {},
+ pb.OperationKubecitUpdateSlider: {},
+ pb.OperationKubecitWalletBalance: {},
+ }
+
+}
From b91aa25feb033cb0eaf756e071b41d3bdd4f0165 Mon Sep 17 00:00:00 2001
From: lbzs <627062293@qq.com>
Date: Tue, 26 Sep 2023 15:39:14 +0800
Subject: [PATCH 2/2] resolve conversation
---
 internal/biz/user.go | 1 -
 internal/server/privilege.go | 87 +++++++++---------------------------
 internal/service/course.go | 2 +-
 3 files changed, 22 insertions(+), 68 deletions(-)
diff --git a/internal/biz/user.go b/internal/biz/user.go
index 096ce80..4a74d95 100644
--- a/internal/biz/user.go
+++ b/internal/biz/user.go
@@ -23,7 +23,6 @@ const (
 UserRoleInvalid uint8 = iota
 UserRoleGuest
 UserRoleRegisterUser
- UserRoleLecturer
 UserRoleSuperAdmin
 )
 const (
diff --git a/internal/server/privilege.go b/internal/server/privilege.go
index a3018c7..2e945e6 100644
--- a/internal/server/privilege.go
+++ b/internal/server/privilege.go
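Review bot: `roleID := int(tmp.(uint8))` in Privilege is an unchecked type assertion, so if the `claims.RoleID` value that Auth stores is ever anything other than a `uint8`, the middleware panics on authenticated requests instead of denying them; the comma-ok form `roleID, ok := tmp.(uint8)` followed by a denial when `!ok` fails closed. The denial is a plain `errors.New` paired with a string reply, which kratos will most likely surface as a 500; `return nil, errors.Forbidden("FORBIDDEN", "not enough privileges")` from the kratos errors package (aliased, since this file imports the standard `errors`) gives clients and monitoring a 403. In the tables, the RegisterUser and Lecturer sets omit `pb.OperationKubecitListSlidersByPriority`, which Guest is allowed, so a caller loses that operation by logging in; worth confirming this is intended. `RolePrivileges` is also an exported, mutable package variable, and an unexported map would keep other packages from altering the policy at run time.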
@@ -3,21 +3,32 @@ package server
 import (
 "context"
 "errors"
+
 "github.com/go-kratos/kratos/v2/log"
+ "github.com/go-kratos/kratos/v2/middleware"
 "github.com/go-kratos/kratos/v2/transport"
- pb "kubecit-service/api/helloworld/v1"
- "github.com/go-kratos/kratos/v2/middleware"
+ pb "kubecit-service/api/helloworld/v1"
+ "kubecit-service/internal/biz"
 )
-type UserRole string
-
 func Privilege() middleware.Middleware {
 return func(handler middleware.Handler) middleware.Handler {
 return func(ctx context.Context, req interface{}) (reply interface{}, err error) {
 if tmp := ctx.Value("role_id"); tmp != nil {
- roleID := int(tmp.(uint8))
+ roleID := tmp.(uint8)
 log.Debugf("current role_id: %v\n", roleID)
+ switch roleID {
+ case biz.UserRoleGuest, biz.UserRoleRegisterUser:
+ if tr, ok := transport.FromServerContext(ctx); ok {
+ if _, exist := RolePrivileges[roleID][tr.Operation()]; exist {
+ return handler(ctx, req)
+ }
+ }
+ case biz.UserRoleSuperAdmin:
+ return handler(ctx, req)
+ }
+
 if tr, ok := transport.FromServerContext(ctx); ok {
 if _, exist := RolePrivileges[roleID][tr.Operation()]; exist {
 return handler(ctx, req)
@@ -29,12 +40,12 @@ func Privilege() middleware.Middleware {
 }
 }
-var RolePrivileges map[int]map[string]struct{}
+var RolePrivileges map[uint8]map[string]struct{}
 func init() {
- RolePrivileges = make(map[int]map[string]struct{})
+ RolePrivileges = make(map[uint8]map[string]struct{})
 // Role Guest
- RolePrivileges[1] = map[string]struct{}{
+ RolePrivileges[biz.UserRoleGuest] = map[string]struct{}{
 pb.OperationKubecitSystemSettings: {},
 pb.OperationKubecitSearchCourse: {},
 pb.OperationKubecitRegisterUsername: {},
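Review bot: `case biz.UserRoleSuperAdmin: return handler(ctx, req)` now grants unconditional access to role value 3, because this commit deletes `UserRoleLecturer` from the `iota` block in internal/biz/user.go and `UserRoleSuperAdmin` slides from 4 to 3. Any stored account or still-valid token carrying `role_id` 3 (a lecturer under PATCH 1/2's numbering) would pass every check, while an existing admin stored as 4 matches no case and is denied. Whether such records exist cannot be told from the patch, so either migrate the data or pin the values, e.g. `UserRoleSuperAdmin uint8 = 4` or a reserved `_ // formerly UserRoleLecturer` entry. Separately, the `if tr, ok := transport.FromServerContext(ctx); ok {` lookup left after the switch repeats what the Guest/RegisterUser case already did; removing it and adding an explicit `default:` that falls to the denial makes the switch the single decision point. `tmp.(uint8)` is still an unchecked assertion, and the closure's tail lies outside this hunk.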
@@ -50,26 +61,7 @@ func init() {
 pb.OperationKubecitGetCourse: {},
 }
 // Role RegisterUser
- RolePrivileges[2] = map[string]struct{}{
- pb.OperationKubecitSystemSettings: {},
- pb.OperationKubecitSearchCourse: {},
- pb.OperationKubecitRegisterUsername: {},
- pb.OperationKubecitMostNew: {},
- pb.OperationKubecitLoginByJson: {},
- pb.OperationKubecitGetSlider: {},
- pb.OperationKubecitGetTeacher: {},
- pb.OperationKubecitListAllTeacher: {},
- pb.OperationKubecitListCategory: {},
- pb.OperationKubecitListCategoryV2: {},
- pb.OperationKubecitListLessons: {},
- pb.OperationKubecitGetCourse: {},
- pb.OperationKubecitGetInfo: {},
- pb.OperationKubecitMyOrderList: {},
- pb.OperationKubecitCreateOrder: {},
- pb.OperationKubecitWalletBalance: {},
- }
- // Role Lecturer
- RolePrivileges[3] = map[string]struct{}{
+ RolePrivileges[biz.UserRoleRegisterUser] = map[string]struct{}{
 pb.OperationKubecitSystemSettings: {},
 pb.OperationKubecitSearchCourse: {},
 pb.OperationKubecitRegisterUsername: {},
@@ -88,42 +80,5 @@ func init() {
 pb.OperationKubecitWalletBalance: {},
 }
 // Role Admin
- RolePrivileges[4] = map[string]struct{}{
- pb.OperationKubecitCreateCategory: {},
- pb.OperationKubecitCreateChapter: {},
- pb.OperationKubecitCreateCourse: {},
- pb.OperationKubecitCreateLesson: {},
- pb.OperationKubecitCreateOrder: {},
- pb.OperationKubecitCreateSlider: {},
- pb.OperationKubecitCreateTeacher: {},
- pb.OperationKubecitDeleteCategory: {},
- pb.OperationKubecitDeleteChapter: {},
- pb.OperationKubecitDeleteCourse: {},
- pb.OperationKubecitDeleteLesson: {},
- pb.OperationKubecitDeleteSlider: {},
- pb.OperationKubecitGetCourse: {},
- pb.OperationKubecitGetInfo: {},
- pb.OperationKubecitGetSlider: {},
- pb.OperationKubecitGetTeacher: {},
- pb.OperationKubecitListAllTeacher: {},
- pb.OperationKubecitListCategory: {},
- pb.OperationKubecitListCategoryV2: {},
- pb.OperationKubecitListLessons: {},
- pb.OperationKubecitListSlidersByPriority: {},
- pb.OperationKubecitLoginByJson: {},
- pb.OperationKubecitMostNew: {},
- pb.OperationKubecitMyOrderList: {},
- pb.OperationKubecitRechargeWallet: {},
- pb.OperationKubecitRegisterUsername: {},
- pb.OperationKubecitReviewCourse: {},
- pb.OperationKubecitSearchCourse: {},
- pb.OperationKubecitSystemSettings: {},
- pb.OperationKubecitUpdateCategory: {},
- pb.OperationKubecitUpdateChapter: {},
- pb.OperationKubecitUpdateCourse: {},
- pb.OperationKubecitUpdateLesson: {},
- pb.OperationKubecitUpdateSlider: {},
- pb.OperationKubecitWalletBalance: {},
- }
-
+ RolePrivileges[biz.UserRoleSuperAdmin] = map[string]struct{}{}
 }
diff --git a/internal/service/course.go b/internal/service/course.go
index 40fb18a..b2d3359 100644
--- a/internal/service/course.go
+++ b/internal/service/course.go
@@ -86,7 +86,7 @@ func (s *KubecitService) UpdateCourse(ctx context.Context, req *pb.UpdateCourseR
 user, err := s.userUseCase.CurrentUserInfo(ctx)
 if err != nil {
 return nil, err
- } else if uint8(user.RoleId) < biz.UserRoleLecturer {
+ } else if uint8(user.RoleId) < biz.UserRoleSuperAdmin {
 return nil, errors.New("not enough privileges")
 }
 course := &biz.Course{
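Review bot: `uint8(user.RoleId) < biz.UserRoleSuperAdmin` treats every value at or above the constant as an administrator, including role ids that are not defined at all, and the `uint8(...)` conversion would wrap a wider stored value (the type of `RoleId` is not visible here), so 259 would compare as 3. With no role left above SuperAdmin, an equality test states the intent: `} else if uint8(user.RoleId) != biz.UserRoleSuperAdmin {`, ideally after rejecting values that do not fit in a uint8. The numeric threshold is the same before and after this commit (3), so accounts stored with the former Lecturer value keep update rights, now under the SuperAdmin name. UpdateCourse starts and ends outside the hunk.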