import { Config, Inject, Provide } from '@midwayjs/decorator';
import { IMidwayKoaContext, IWebMiddleware, NextFunction } from '@midwayjs/koa';
import * as jwt from 'jsonwebtoken';
import { Constants } from '../basic/constants';
import { MidwayWebRouterService } from '@midwayjs/core';
import { RoleService } from '../modules/authority/service/role-service';
import { logger } from '../utils/logger';
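/**
 * Permission check middleware.
 *
 * Every registered route is expected to carry its required permission string
 * in the router metadata `summary`. A request is passed through, rejected, or
 * let through only after the bearer token verifies and (unless the permission
 * is `Constants.per.authOnly`) the roles carried in the token grant it.
 */
@Provide()
export class AuthorityMiddleware implements IWebMiddleware {
  /**
   * Secret used to verify JWT signatures.
   * NOTE(review): it is read from the `keys` config entry, which Koa also
   * uses for cookie signing — reusing one key for two purposes is worth
   * confirming, ideally by moving to a dedicated JWT secret.
   */
  @Config('keys')
  private secret: string;

  /** Router table; used to look up the matched route and its `summary`. */
  @Inject()
  webRouterService: MidwayWebRouterService;

  /** Resolves the permission set granted to a list of role ids. */
  @Inject()
  roleService: RoleService;

  /**
   * Builds the Koa middleware.
   *
   * Decision order per request:
   *  1. path/method not in the router table -> `next()` (downstream answers 404);
   *  2. matched route without a `summary` -> 500, refuse to serve an
   *     unconfigured route;
   *  3. `Constants.per.guest` -> `next()` without requiring a token;
   *  4. otherwise the token must verify (401 with `Constants.res.auth` if not),
   *     and unless the permission is `Constants.per.authOnly` the roles in the
   *     token must grant it (401 with `Constants.res.permission` if not).
   */
  resolve() {
    return async (ctx: IMidwayKoaContext, next: NextFunction) => {
      // Is the current route registered in the router table?
      const routeInfo = await this.webRouterService.getMatchedRouterInfo(
        ctx.path,
        ctx.method
      );
      if (routeInfo == null) {
        // Unregistered path: let downstream produce the 404. This is
        // fail-open — anything a later middleware serves for an unregistered
        // path is reachable without a token.
        await next();
        return;
      }

      // The route's `summary` doubles as its required permission string.
      const permission = routeInfo.summary;
      if (permission == null || permission === '') {
        ctx.status = 500;
        ctx.body = Constants.res.serverError(
          '该路由未配置权限控制:' + ctx.path
        );
        return;
      }

      if (permission === Constants.per.guest) {
        await next();
        return;
      }

      const token = this.extractToken(ctx);
      try {
        // NOTE(review): no `algorithms` option is passed; pinning it to the
        // algorithm the issuer actually uses would rule out algorithm
        // confusion should the secret type ever change.
        ctx.user = jwt.verify(token, this.secret);
      } catch {
        ctx.status = 401;
        ctx.body = Constants.res.auth;
        return;
      }

      if (permission !== Constants.per.authOnly) {
        // Not a login-only route: the roles carried in the (now verified)
        // token must grant the permission. A payload without an array of
        // roles grants nothing, instead of being handed to the role service
        // as-is.
        const roleIds = ctx.user?.roles;
        const granted =
          Array.isArray(roleIds) &&
          (await this.roleService.getCachedPermissionSetByRoleIds(roleIds)).has(
            permission
          );
        if (!granted) {
          // Log the path only: `ctx.req.url` would include the query string,
          // which may carry the token itself (see extractToken).
          logger.info('not permission: ', ctx.method + ' ' + ctx.path);
          ctx.status = 401;
          ctx.body = Constants.res.permission;
          return;
        }
      }

      await next();
    };
  }

  /**
   * Locates the bearer token for a request.
   *
   * Lookup order: `Authorization` header (a literal `Bearer ` is stripped,
   * case-sensitively), then the `token` cookie, then the `token` query
   * parameter. Returns `''` when none is present, which then fails
   * verification.
   *
   * NOTE(review): accepting the token from the query string means it can end
   * up in access logs, browser history and Referer headers; the header and
   * cookie sources are preferable.
   */
  private extractToken(ctx: IMidwayKoaContext): string {
    let token = (ctx.get('Authorization') || '').replace('Bearer ', '').trim();
    if (token === '') {
      // Fall back to the cookie.
      token = ctx.cookies.get('token') || '';
    }
    if (token === '') {
      // Fall back to the query string. Only a single string value counts; a
      // repeated `?token=` parses to an array and is treated as absent (it
      // would fail verification anyway).
      const fromQuery = ctx.query.token;
      token = typeof fromQuery === 'string' ? fromQuery : '';
    }
    return token;
  }
}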
|