package Handler
import (
"bufio"
"dsSso/Const/DefaultConst"
"dsSso/Handler/CheckHandler"
"dsSso/Utils/CommonUtil"
"dsSso/Utils/ConfigUtil"
"dsSso/Utils/SsoUtil"
"fmt"
"github.com/gin-gonic/gin"
"io"
"net/http"
"os"
"strings"
)
// Package-level state consulted by the authorization middleware.
var (
	// WhiteArray holds the whitelist entries. init fills it from the
	// whitelist file, and AuthorizeHandler lets a matching request through
	// without the administrator check.
	WhiteArray []string

	// passIpRange lists the privileged client-address prefixes (first three
	// octets plus a trailing dot). AuthorizeHandler lets a client whose
	// address starts with one of them through without the administrator check.
	// NOTE(review): this bypass is only as trustworthy as the address reported
	// by CommonUtil.RemoteIp. If that helper reads a client-supplied header
	// such as X-Forwarded-For, confirm the header is set by a trusted proxy.
	passIpRange = []string{"10.10.24.", "127.0.0."}
)
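// init loads the whitelist from ./Config/White.txt into WhiteArray.
//
// Each line is trimmed of surrounding whitespace. Blank lines and any line
// that contains '#' anywhere are skipped, so an entry can neither carry a
// trailing comment nor contain '#' itself.
//
// If the file cannot be opened, WhiteArray stays empty: nothing is
// whitelisted and every request goes through the remaining checks.
func init() {
	f, err := os.Open("./Config/White.txt")
	if err != nil {
		fmt.Println("没有找到白名单文件!")
		// Do not go on to read from a file that was never opened.
		return
	}
	defer f.Close()

	buf := bufio.NewReader(f)
	for {
		line, err := buf.ReadString('\n')

		// ReadString returns whatever it read before the error, so a final
		// line without a trailing newline is still processed here.
		line = strings.TrimSpace(line)
		if line != "" && !strings.Contains(line, "#") {
			WhiteArray = append(WhiteArray, line)
		}

		if err != nil {
			if err != io.EOF {
				// A read failure may leave the whitelist incomplete; report
				// it instead of ending silently.
				fmt.Println("reading whitelist file:", err)
			}
			return
		}
	}
}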
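/**
Purpose: central place for the authorization checks.
Author: 黄海
Date: 2020-01-22
*/

// AuthorizeHandler returns the gin middleware that decides whether a request
// may proceed. The checks run in this order:
//
//  1. CheckHandler.IsLegal validates the request parameters; a failure is
//     answered with a JSON description and the chain is aborted.
//  2. A request whose URL path contains a WhiteArray entry is let through.
//  3. A client whose address prefix is listed in passIpRange is let through.
//  4. Otherwise the access-token cookie must decode to identity id "0" and
//     person id "0" (the unified-authentication administrator); anything
//     else is refused.
func AuthorizeHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Validate the request parameters first.
		legal, resultStruct := CheckHandler.IsLegal(c)
		if !legal {
			c.JSON(http.StatusOK, gin.H{
				"success":       false,
				"InterfaceName": resultStruct.InterfaceName,
				"HttpType":      resultStruct.HttpType,
				"Parameter":     resultStruct.Parameter,
				"Message":       resultStruct.Message,
			})
			c.Abort()
			// Return here so the checks below cannot write a second
			// response body after this one.
			return
		}

		// Whitelisted endpoints are let through. The entry is matched against
		// the URL path only, not the raw request URI, so that text in the
		// query string cannot satisfy a whitelist entry.
		// NOTE(review): this is still a substring match anywhere in the path,
		// so keep entries as specific as possible. An entry that relied on
		// matching the query string no longer matches and fails closed.
		for _, entry := range WhiteArray {
			if strings.Contains(c.Request.URL.Path, entry) {
				c.Next()
				return
			}
		}

		// Requests from a privileged address range are let through.
		// NOTE(review): confirm that CommonUtil.RemoteIp cannot be influenced
		// by client-supplied headers, otherwise this bypass is spoofable.
		clientIP := CommonUtil.RemoteIp(c.Request)
		// Only build the three-octet prefix when the address has enough
		// dot-separated parts. An address without them (IPv6, for example)
		// would otherwise index past the end of the slice and panic.
		if octets := strings.Split(clientIP, "."); len(octets) >= 3 {
			prefix := octets[0] + "." + octets[1] + "." + octets[2] + "."
			if CommonUtil.InArray(prefix, passIpRange) {
				c.Next()
				return
			}
		}

		// Read identity_id and person_id back from the access-token cookie.
		identityID := DefaultConst.IdentityId
		personID := DefaultConst.PersonId
		isAdmin := false
		if cookie, err := c.Request.Cookie(ConfigUtil.AccessToken); err == nil {
			// NOTE(review): the third return value is discarded. Confirm what
			// it carries, and that a malformed or expired token can never
			// decode to "0"/"0".
			identityID, personID, _ = SsoUtil.AnalyzeSessionId(cookie.Value)
			// Only the unified-authentication administrator ("0"/"0") passes.
			isAdmin = identityID == "0" && personID == "0"
		}

		if !isAdmin {
			// Reached when there is no cookie (not logged in) or the session
			// is not the administrator's.
			// NOTE(review): 301 is a redirect status and no Location header
			// is set here. 401 or 403 would describe the refusal better; the
			// code is kept because existing clients may depend on it.
			c.JSON(301, gin.H{
				"success": false,
				"Message": "您不是合法的统一认证管理员,请求被禁止!",
			})
			c.Abort()
			return
		}

		// All checks passed.
		c.Next()
	}
}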