后台格式规范化引入casbin做鉴权

2019-12-12 13:21:16 +08:00
parent effab2d2b0
commit 3f17e80944
46 changed files with 576 additions and 338 deletions
--- a/QMPlusServer/middleware/jwt.go
+++ b/QMPlusServer/middleware/jwt.go
@@ -2,22 +2,13 @@ package middleware

 import (
 	"errors"
-	"fmt"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 	uuid "github.com/satori/go.uuid"
 	"main/controller/servers"
-	"main/init/qmsql"
 	"time"
 )

-type SqlRes struct {
-	Path        string
-	AuthorityId string
-	ApiId       uint
-	Id          uint
-}
-
 func JWTAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localSstorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
@@ -46,15 +37,8 @@ func JWTAuth() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
-		var sqlRes SqlRes
-		row := qmsql.DEFAULTDB.Raw("SELECT apis.path,api_authorities.authority_id,api_authorities.api_id,apis.id FROM apis INNER JOIN api_authorities ON api_authorities.api_id = apis.id 	WHERE apis.path = ? AND	api_authorities.authority_id = ?", c.Request.RequestURI, claims.AuthorityId)
-		err = row.Scan(&sqlRes).Error
-		if fmt.Sprintf("%v", err) == "record not found" {
-			servers.ReportFormat(c, false, "没有Api操作权限", gin.H{})
-			c.Abort()
-			return
-		}
 		c.Set("claims", claims)
+		c.Next()
 	}
 }