feat: 多用户权限验证

rehiy · rehiy · commit eba939a181aa · 2023-02-03T09:45:41.000+08:00
diff --git a/api/passport/controller.go b/api/passport/controller.go
@@ -18,6 +18,8 @@ func register(c *gin.Context) {
 		return
 	}
 
+	rq.Level = 0 //防止逃逸
+
 	if id, err := user.Create(rq); err == nil {
 		c.Set("Message", "注册成功")
 		c.Set("Payload", gin.H{"Id": id})
@@ -75,6 +77,7 @@ func updateInfo(c *gin.Context) {
 	}
 
 	rq.Id = c.GetUint("UserId")
+	rq.Level = 0 //防止逃逸
 
 	if err := user.Update(rq); err == nil {
 		c.Set("Message", "修改成功")
diff --git a/api/user/router.go b/api/user/router.go
@@ -13,6 +13,7 @@ func Router(api *gin.RouterGroup) {
 	// 需授权接口
 
 	rg.Use(midware.AuthGuard())
+	rg.Use(midware.AdminGuard())
 
 	{
 		rg.GET("/user", list)
diff --git a/module/dborm/table.go b/module/dborm/table.go
@@ -110,6 +110,7 @@ type User struct {
 	AppId       string `gorm:"uniqueIndex"`
 	Username    string `gorm:"uniqueIndex"`
 	Password    string `json:"-"`
+	Level       uint   `gorm:"default:5"`
 	Description string `gorm:"default:什么也没有"`
 	Sessions    []Session
 	Vendors     []Vendor
diff --git a/module/dborm/user/model.go b/module/dborm/user/model.go
@@ -11,6 +11,7 @@ import (
 type CreateParam struct {
 	Username string `binding:"required"`
 	Password string `binding:"required"`
+	Level    uint
 }
 
 func Create(post *CreateParam) (uint, error) {
@@ -35,8 +36,9 @@ func Create(post *CreateParam) (uint, error) {
 
 type UpdateParam struct {
 	Id          uint
-	Description string
 	Password    string
+	Description string
+	Level       uint
 }
 
 func Update(post *UpdateParam) error {
diff --git a/module/midware/auth.go b/module/midware/auth.go
@@ -4,6 +4,7 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"tdp-cloud/module/dborm/session"
+	"tdp-cloud/module/dborm/user"
 )
 
 func AuthGuard() gin.HandlerFunc {
@@ -25,3 +26,23 @@ func AuthGuard() gin.HandlerFunc {
 	}
 
 }
+
+func AdminGuard() gin.HandlerFunc {
+
+	return func(c *gin.Context) {
+
+		rq := &user.FetchParam{
+			Id: c.GetUint("UserId"),
+		}
+
+		user, err := user.Fetch(rq)
+
+		if err != nil || user.Level != 1 {
+			c.Set("Error", "无权限")
+			c.Abort()
+			return
+		}
+
+	}
+
+}
diff --git a/module/migrator/v100001.go b/module/migrator/v100001.go
@@ -23,6 +23,7 @@ func v100001AddUser() error {
 	_, err := user.Create(&user.CreateParam{
 		Username: "admin",
 		Password: "123456",
+		Level:    1,
 	})
 
 	return err

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@ func register(c *gin.Context) {`
`18`	`18`	`return`
`19`	`19`	`}`
`20`	`20`
	`21`	`+ rq.Level = 0 //防止逃逸`
	`22`	`+`
`21`	`23`	`if id, err := user.Create(rq); err == nil {`
`22`	`24`	`c.Set("Message", "注册成功")`
`23`	`25`	`c.Set("Payload", gin.H{"Id": id})`
`@@ -75,6 +77,7 @@ func updateInfo(c *gin.Context) {`
`75`	`77`	`}`
`76`	`78`
`77`	`79`	`rq.Id = c.GetUint("UserId")`
	`80`	`+ rq.Level = 0 //防止逃逸`
`78`	`81`
`79`	`82`	`if err := user.Update(rq); err == nil {`
`80`	`83`	`c.Set("Message", "修改成功")`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ func Router(api *gin.RouterGroup) {`
`13`	`13`	`// 需授权接口`
`14`	`14`
`15`	`15`	`rg.Use(midware.AuthGuard())`
	`16`	`+ rg.Use(midware.AdminGuard())`
`16`	`17`
`17`	`18`	`{`
`18`	`19`	`rg.GET("/user", list)`