package middleware
import (
"context"
"errors"
"strconv"
"strings"
"github.com/go-kratos/kratos/v2/middleware"
"github.com/go-kratos/kratos/v2/transport"
pkgcasbin "kra/pkg/casbin"
)
// ErrPermissionDenied is the sentinel error returned by CasbinRBAC when a
// request is not authorized. Its message is "insufficient permissions" in
// Chinese; compare with errors.Is rather than matching the text.
var ErrPermissionDenied = errors.New("权限不足")
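// CasbinRBAC returns a Kratos middleware that authorizes each request with
// Casbin before the wrapped handler runs.
//
// The Casbin request is built as (sub, obj, act):
//   - sub: the caller's AuthorityID from the token claims, as a decimal string;
//   - obj: the transport operation, with routerPrefix trimmed when non-empty;
//   - act: the value of the ":method" request header, defaulting to "GET".
//
// It returns ErrMissingToken when the context carries no claims,
// ErrPermissionDenied when the request cannot be authorized, and the
// enforcer's own error when evaluation fails.
//
// The middleware fails closed: if the server transport is missing from the
// context or no enforcer is available, the request is rejected instead of
// being passed to the handler unchecked.
func CasbinRBAC(routerPrefix string) middleware.Middleware {
	return func(handler middleware.Handler) middleware.Handler {
		return func(ctx context.Context, req interface{}) (interface{}, error) {
			claims, ok := GetClaims(ctx)
			if !ok {
				return nil, ErrMissingToken
			}

			// Without transport information there is no object/action to
			// evaluate, so the request cannot be authorized.
			tr, ok := transport.FromServerContext(ctx)
			if !ok {
				return nil, ErrPermissionDenied
			}

			// Object: the operation reported by the transport.
			path := tr.Operation()
			if routerPrefix != "" {
				path = strings.TrimPrefix(path, routerPrefix)
			}

			// Action: the request method.
			// NOTE(review): ":method" is an HTTP/2 pseudo-header; confirm the
			// transport really exposes it through RequestHeader(). If it does
			// not, act is always "GET" and method-specific policies are not
			// evaluated against the real request method.
			act := "GET"
			if header := tr.RequestHeader(); header != nil {
				if method := header.Get(":method"); method != "" {
					act = method
				}
			}

			// Subject: the caller's role (authority) ID.
			sub := strconv.Itoa(int(claims.AuthorityID))

			// A missing enforcer must not disable authorization: letting the
			// request through here would turn an initialization failure into
			// an access-control bypass for every route behind this middleware.
			enforcer := pkgcasbin.GetEnforcer()
			if enforcer == nil {
				return nil, ErrPermissionDenied
			}

			allowed, err := enforcer.Enforce(sub, path, act)
			if err != nil {
				return nil, err
			}
			if !allowed {
				return nil, ErrPermissionDenied
			}

			return handler(ctx, req)
		}
	}
}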