重构代码结构与认证体系,集成异步任务消费者
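--- a/web/auth/check.go
+++ b/web/auth/check.go
@@ -0,0 +1,99 @@
+package auth
+
+import (
+"platform/web/domains/client"
+m "platform/web/models"
+
+"github.com/gofiber/fiber/v2"
+)
+
+type AuthCtx struct {
+User *m.User `json:"account,omitempty"`
+Admin *m.Admin `json:"admin,omitempty"`
+Client *m.Client `json:"client,omitempty"`
+Scopes []string `json:"scopes,omitempty"`
+Session *m.Session `json:"session,omitempty"`
+smap map[string]struct{}
+}
+
+func (a *AuthCtx) PermitUser(scopes ...string) (*AuthCtx, error) {
+if a.User == nil {
+return a, ErrAuthenticateForbidden
+}
+if !a.checkScopes(scopes...) {
+return a, ErrAuthenticateForbidden
+}
+return a, nil
+}
+
+func (a *AuthCtx) PermitAdmin(scopes ...string) (*AuthCtx, error) {
+if a.Admin == nil {
+return a, ErrAuthenticateForbidden
+}
+if !a.checkScopes(scopes...) {
+return a, ErrAuthenticateForbidden
+}
+return a, nil
+}
+
+func (a *AuthCtx) PermitSecretClient(scopes ...string) (*AuthCtx, error) {
+if a.Client == nil {
+return a, ErrAuthenticateForbidden
+}
+spec := client.Spec(a.Client.Spec)
+if spec != client.SpecApi && spec != client.SpecWeb {
+return a, ErrAuthenticateForbidden
+}
+if !a.checkScopes(scopes...) {
+return a, ErrAuthenticateForbidden
+}
+return a, nil
+}
+
+func (a *AuthCtx) PermitInternalClient(scopes ...string) (*AuthCtx, error) {
+if a.Client == nil {
+return a, ErrAuthenticateForbidden
+}
+spec := client.Spec(a.Client.Spec)
+if spec != client.SpecApi && spec != client.SpecWeb {
+return a, ErrAuthenticateForbidden
+}
+cType := client.Type(a.Client.Type)
+if cType != client.TypeInternal {
+return a, ErrAuthenticateForbidden
+}
+if !a.checkScopes(scopes...) {
+return a, ErrAuthenticateForbidden
+}
+return a, nil
+}
+
+func (a *AuthCtx) checkScopes(scopes ...string) bool {
+if len(scopes) == 0 || len(a.Scopes) == 0 {
+return true
+}
+if len(a.smap) == 0 && len(a.Scopes) > 0 {
+for _, scope := range scopes {
+a.smap[scope] = struct{}{}
+}
+}
+for _, scope := range scopes {
+if _, ok := a.smap[scope]; ok {
+return true
+}
+}
+return false
+}
+
+const AuthCtxKey = "session"
+
+func SetAuthCtx(c *fiber.Ctx, auth *AuthCtx) {
+c.Locals(AuthCtxKey, auth)
+}
+
+func GetAuthCtx(c *fiber.Ctx) *AuthCtx {
+if authCtx, ok := c.Locals(AuthCtxKey).(*AuthCtx); ok {
+return authCtx
+}
+return nil
+}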
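Review bot: In `checkScopes` the lookup set `a.smap` is filled from the `scopes` argument (the scopes the caller requires) instead of `a.Scopes` (the scopes the context was granted), so the loop that follows finds every required scope and each `Permit*` method passes its scope check regardless of what was granted. `smap` is also never allocated in this file, so unless it is set elsewhere the first write to it panics on a nil map. Build the set once from `a.Scopes`, allocating it at the same time, as below. Separately, the early `return true` when `len(a.Scopes) == 0` lets a context with no granted scopes satisfy any requirement; if that is not intended it should deny instead, and a short doc comment should state that the match is any-of rather than all-of.

```go
func (a *AuthCtx) checkScopes(scopes ...string) bool {
	// … unchanged: early return when scopes or a.Scopes is empty …
	if len(a.smap) == 0 {
		// Index the granted scopes, not the required ones.
		a.smap = make(map[string]struct{}, len(a.Scopes))
		for _, granted := range a.Scopes {
			a.smap[granted] = struct{}{}
		}
	}
	// … unchanged: any-of lookup of scopes in a.smap …
}
```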