- package permission
- import (
- log "IotAdmin/core/logger"
- jwtauth "IotAdmin/core/sdk/pkg/jwt-auth"
- "IotAdmin/core/sdk/pkg/response"
- "github.com/casbin/casbin/v2"
- "github.com/casbin/casbin/v2/util"
- "github.com/gin-gonic/gin"
- )
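// CheckRoleApi reports whether the request carried by c is authorised for the
// role found in the JWT claims v.
//
// The decision is taken in this order:
//  1. a "rolekey" claim equal to "admin" is allowed without consulting Casbin;
//  2. any path matching /api/sys/* or /api/web/* is allowed for every role;
//  3. a path and method pair listed in CasbinExclude is allowed;
//  4. otherwise the Casbin enforcer e decides on (rolekey, path, method).
//
// If the enforcer returns an error, a 500 response is written through
// response.Error and the request is denied (fail closed).
//
// NOTE(review): steps 1-3 never reach the policy engine, so they are only as
// strong as whatever validated v before this call; this function does not
// verify the token itself. Step 2 in particular grants every role access to
// the whole /api/sys/ and /api/web/ trees; confirm that is intended.
func CheckRoleApi(c *gin.Context, v jwtauth.MapClaims, e *casbin.SyncedEnforcer) (res bool) {
	role := v["rolekey"]
	// NOTE(review): the checks below run on URL.Path as received. Confirm the
	// router matches on the same string so that the prefix/exclusion checks
	// and the handler actually selected cannot disagree.
	path := c.Request.URL.Path
	method := c.Request.Method

	// Permission check: the admin role is allowed through directly.
	if role == "admin" {
		return true
	}

	// Blanket allow for the system and web API prefixes, for any role.
	if util.KeyMatch2(path, "/api/sys/*") || util.KeyMatch2(path, "/api/web/*") {
		return true
	}

	// Routes explicitly excluded from Casbin; method must match exactly.
	for _, ex := range CasbinExclude {
		if method == ex.Method && util.KeyMatch2(path, ex.Url) {
			// URL.Path is the decoded path, so it is logged with %q: control
			// characters are escaped and cannot start a forged log line.
			log.Infof("Casbin exclusion, no validation method:%s path:%q", method, path)
			return true
		}
	}

	allowed, err := e.Enforce(role, path, method)
	if err != nil {
		log.Errorf("AuthCheckRole error:%s method:%s path:%q", err, method, path)
		// NOTE(review): err is handed to response.Error; confirm the helper
		// does not echo internal enforcer errors verbatim to the client.
		response.Error(c, 500, err, "")
		return false
	}
	return allowed
}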
// UrlInfo identifies one route by path pattern and HTTP method. CheckRoleApi
// uses it for the entries of CasbinExclude.
type UrlInfo struct {
	// Url is matched against the request path with util.KeyMatch2, so it is
	// a pattern rather than a literal string.
	Url string
	// Method is compared to the request method with ==, i.e. exactly and
	// case-sensitively.
	Method string
}
// CasbinExclude is the list of routes excluded from Casbin: a request whose
// path and method match an entry is allowed by CheckRoleApi without asking
// the enforcer.
//
// NOTE(review): every entry here is an authorisation bypass for all roles.
// Keep the list minimal and check that each endpoint (metrics in particular)
// is safe to expose to any caller that reaches the role check. The slice is
// an exported, mutable package variable, so other packages can add entries at
// runtime; consider whether that is wanted.
var CasbinExclude = []UrlInfo{
	{Method: "GET", Url: "/"},
	{Method: "GET", Url: "/info"},
	{Method: "POST", Url: "/api/login"},
	{Method: "POST", Url: "/api/refresh-token"},
	{Method: "POST", Url: "/api/logout"},
	{Method: "POST", Url: "/api/captcha"},
	{Method: "GET", Url: "/api/metrics"},
	{Method: "GET", Url: "/api/health"},
}