xugu_license/internal/middleware/auth.go

package middlewares

import (
	"errors"
	"fmt"
	"net/http"
	"sync"
	"xugu_license/internal/global"
	"xugu_license/internal/models"

	"github.com/gin-gonic/gin"
)

var Roles = map[string]Role{
	"admin":       AdminRole,
	"supportRole": SupportRole,
	"guest":       GuestRole,
}

type UserPermission struct {
	UserInfo models.UserInfo
	Role     Role
}

// 定义权限类型
type Permission string

const (
	// License 相关权限
	GenerateLicense   Permission = "generate_license"    //生成license
	UploadLicense     Permission = "upload_license"      //上传license
	ReadLicense       Permission = "read_license"        //读取license
	ReadAllLicense    Permission = "read_all_license"    //读取所有license
	ReadlicenseRecord Permission = "read_license_record" //读取license
	UpdateLicense     Permission = "update_license"      //更新license
	DeleteLicense     Permission = "delete_license"      //删除license
	// 消息分发权限
	DispatLicense Permission = "dispat_license" //分发license
	// 主动抓取oaLicense到支撑库
	CaptureLicenseOnceToDb Permission = "capture_license_once_to_db" //主动抓取oaLicense到支撑库
	// 获得用户信息
	//GetUserInfo1 Permission = "get_user_info" //获得用户信息
	// 用户管理权限
	CreateUser Permission = "create_user" //创建用户
	ReadUser   Permission = "read_user"   //读取用户
	UpdateUser Permission = "update_user" //更新用户
	DeleteUser Permission = "delete_user" //删除用户

	//角色管理权限
	CreateRole Permission = "create_role" //创建角色
	DeleteRole Permission = "delete_role" //删除角色
	UpdateRole Permission = "update_role" //更新角色
	GetRole    Permission = "get_role"    //获得角色
)

// 定义映射
var permissionMap = map[string]Permission{
	"generate_license":           GenerateLicense,
	"upload_license":             UploadLicense,
	"read_license":               ReadLicense,
	"read_all_license":           ReadAllLicense,
	"read_license_record":        ReadlicenseRecord,
	"update_license":             UpdateLicense,
	"delete_license":             DeleteLicense,
	"dispat_license":             DispatLicense,
	"capture_license_once_to_db": CaptureLicenseOnceToDb,

	//"get_user_info":    GetUserInfo1,
	"create_user": CreateUser,
	"read_user":   ReadUser,
	"update_user": UpdateUser,
	"delete_user": DeleteUser,
	"create_role": CreateRole,
	"delete_role": DeleteRole,
	"update_role": UpdateRole,
	"get_role":    GetRole,
}

// MapBasedStringToPermission 使用 map 进行字符串到 Permission 的转换
func MapBasedStringToPermission(permissionStr string) (Permission, error) {
	fmt.Println("permissionStr: ", permissionStr)
	if perm, exists := permissionMap[permissionStr]; exists {
		return perm, nil
	}
	return "", errors.New("invalid permission string")
}

// StringsToPermissions 将字符串数组转换为 Permission 数组
func StringsToPermissions(permissionStrs []string) ([]Permission, error) {
	var permissions []Permission
	fmt.Println("permissionStrs: ", permissionStrs)
	for _, str := range permissionStrs {
		perm, err := MapBasedStringToPermission(str)
		if err != nil {
			return nil, err // 如果有任何一个字符串无效，返回错误
		}
		permissions = append(permissions, perm)
	}
	return permissions, nil
}

type Role struct {
	Id          int
	Name        string
	Permissions []Permission
}

var AdminRole = Role{
	Id:   0,
	Name: "admin",
	Permissions: []Permission{
		GenerateLicense,
		UploadLicense,
		ReadLicense,
		ReadAllLicense,
		UpdateLicense,
		DeleteLicense,
		DispatLicense,
		CaptureLicenseOnceToDb,
		//GetUserInfo1,
		ReadlicenseRecord,
		CreateUser,
		ReadUser,
		UpdateUser,
		DeleteUser,
		CreateRole,
		DeleteRole,
		UpdateRole,
		GetRole,
	},
}

var SupportRole = Role{
	Id:   0,
	Name: "support",
	Permissions: []Permission{
		ReadLicense,
		DispatLicense,
		ReadLicense,
		//GetUserInfo1,
		ReadlicenseRecord,
		ReadUser,
		UpdateUser,
		DeleteUser,
		CreateRole,
		UploadLicense,
	},
}

var GuestRole = Role{
	Id:   0,
	Name: "guest",
	Permissions: []Permission{
		ReadLicense,
	},
}

// RBAC 中间件
func PermissionMiddleware(requiredPermission Permission) gin.HandlerFunc {
	return func(c *gin.Context) {
		userAny, exists := c.Get("userInfo")
		if !exists {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			c.Abort()
			return
		}

		userInfo := userAny.(*UserAuthInfo)
		uP := UserPermission{
			//UserInfo: *userInfo,
			Role: Role{
				Name: userInfo.Role,
			},
		}

		// switch userInfo.Role {
		// case "admin":
		// 	uP.Role = AdminRole
		// case "support":
		// 	uP.Role = SupportRole
		// case "guest":
		// 	uP.Role = GuestRole
		// default:
		// 	c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"})
		// 	c.Abort()
		// 	return
		// }

		// 检查用户是否具有所需的权限
		roleKey := userInfo.Role
		if role, exists := Roles[roleKey]; exists {
			// 如果存在，可以在这里使用 role 进行后续操作
			uP.Role = role
		} else {
			// 如果不存在，进行相应的处理
			global.Logger.Errorln("Role does not exist ")
			c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"})
			c.Abort()
			return
		}

		hasPermission := false
		for _, p := range uP.Role.Permissions {
			if p == requiredPermission {
				hasPermission = true
				break
			}
		}

		if !hasPermission {
			global.Logger.Errorln("没有权限 ")
			c.JSON(http.StatusForbidden, gin.H{"error": "没有权限"})
			c.Abort()
			return
		}

		c.Next()
	}
}

var mu sync.Mutex

// 权限分配功能
// func AssignRole(c *gin.Context) {
// 	var req struct {
// 		Username string `json:"username" binding:"required"`
// 		Role     string `json:"role" binding:"required"`
// 	}

// 	if err := c.ShouldBindJSON(&req); err != nil {
// 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
// 		return
// 	}

// 	mu.Lock()
// 	defer mu.Unlock()

// 	//从数据库里查询用户
// 	user, exists := users[req.Username]
// 	if exists {
// 		switch req.Role {
// 		case "admin":
// 			user.Role = AdminRole
// 		case "user":
// 			user.Role = UserRole
// 		case "guest":
// 			user.Role = GuestRole
// 		default:
// 			c.JSON(http.StatusBadRequest, gin.H{"error": "invalid role"})
// 			return
// 		}
// 		users[req.Username] = user
// 	} else {
// 		c.JSON(http.StatusNotFound, gin.H{"error": "user not found"})
// 		return
// 	}

// 	c.JSON(http.StatusOK, gin.H{"message": "Role assigned successfully"})
// }