
修改权限校验方式

wangkaiyue 3 years ago
parent
commit
56e56f06bc

+ 2 - 0
.gitignore

@@ -1,2 +1,4 @@
 /gateway
 /logs/
+.idea/
+.idea/*

+ 23 - 0
common/enum/enum.go

@@ -0,0 +1,23 @@
+package enum
+
+import "strings"
+
+type Enum struct {
+	code int64
+	desc []string
+}
+
+func NewEnum(code int64, desc ...string) *Enum {
+	return &Enum{
+		code: code,
+		desc: desc,
+	}
+}
+
+func (e *Enum) GetCode() int64 {
+	return e.code
+}
+
+func (e *Enum) GetDescription() string {
+	return strings.Join(e.desc, ",")
+}
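Review bot: The exported `Enum`, `NewEnum`, `GetCode` and `GetDescription` have no doc comments, and nothing states that the wrapper types added in this commit treat `code` as a set of bit flags. I would add `// Enum pairs a numeric code with optional descriptions; the check types in this package read the code as bit flags.` above the type, plus a one-line comment on each method. Both methods dereference `e` without a nil check, so a nil `*Enum` panics in `GetCode()`. That matters here because this commit turns the Router's check fields into pointers to types that embed it.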

+ 33 - 0
common/enum/enum_accoutCheck.go

@@ -0,0 +1,33 @@
+package enum
+
+var (
+	notAccountCheck = NewEnum(0, "不需要校验账户状态")   //0 -> 00000000
+	needUserAccount = NewEnum(1, "需要用户账户状态")    //1 -> 00000001
+	needEntAccount  = NewEnum(1<<1, "需要企业账户状态") //2 -> 00000010
+)
+
+type AccountCheck struct {
+	*Enum
+}
+
+// NewAccountCheck 初始化账户状态校验对象
+func NewAccountCheck(code int64, desc ...string) *AccountCheck {
+	return &AccountCheck{
+		NewEnum(code, desc...),
+	}
+}
+
+// NeedCheck 是否需要进行账户状态校验
+func (ac *AccountCheck) NeedCheck() bool {
+	return ac.GetCode() != notAccountCheck.code
+}
+
+// CheckUserAccount 校验是否需要用户Status
+func (ac *AccountCheck) CheckUserAccount() bool {
+	return needUserAccount.code == (ac.GetCode() & needUserAccount.code)
+}
+
+// CheckEntAccount 校验是否需要企业Status
+func (ac *AccountCheck) CheckEntAccount() bool {
+	return needEntAccount.code == (ac.GetCode() & needEntAccount.code)
+}
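Review bot: `NeedCheck()` returns true for any non-zero code, but `CheckUserAccount()` and `CheckEntAccount()` only test bits 0 and 1. A code such as 4 (which the new test file constructs) therefore asks for a check and then enforces none. For a value that gates access, it is safer to accept only codes 0–3 and have the loader log or reject anything else, or at least to mask in `NeedCheck`, e.g. `const accountCheckMask = 1 | 1<<1` and `return ac.GetCode()&accountCheckMask != 0`. The same applies to `AuthCheck` in enum_authCheck.go and `SessCheck` in enum_sessCheck.go, which are near line-for-line copies; one shared flag type would keep the three from drifting apart.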

+ 33 - 0
common/enum/enum_authCheck.go

@@ -0,0 +1,33 @@
+package enum
+
+var (
+	notAuthCheck = NewEnum(0, "不需要认证")     //0 -> 00000000
+	needUserAuth = NewEnum(1, "需要用户认证")    //1 -> 00000001
+	needEntAuth  = NewEnum(1<<1, "需要企业认证") //2 -> 00000010
+)
+
+type AuthCheck struct {
+	*Enum
+}
+
+// NewAuthCheck 初始化权限校验对象
+func NewAuthCheck(code int64, desc ...string) *AuthCheck {
+	return &AuthCheck{
+		NewEnum(code, desc...),
+	}
+}
+
+// NeedCheck 是否需要账户认证校验
+func (ac *AuthCheck) NeedCheck() bool {
+	return ac.GetCode() != notAuthCheck.code
+}
+
+// CheckUserAuth 校验是否需要用户认证
+func (ac *AuthCheck) CheckUserAuth() bool {
+	return needUserAuth.code == (ac.GetCode() & needUserAuth.code)
+}
+
+// CheckEntAuth 校验是否需要企业认证
+func (ac *AuthCheck) CheckEntAuth() bool {
+	return needEntAuth.code == (ac.GetCode() & needEntAuth.code)
+}

+ 33 - 0
common/enum/enum_sessCheck.go

@@ -0,0 +1,33 @@
+package enum
+
+var (
+	notSession      = NewEnum(0, "不需要session")     //0 -> 00000000
+	needUserSession = NewEnum(1, "需要用户session")    //1 -> 00000001
+	needEntSession  = NewEnum(1<<1, "需要企业session") //2 -> 00000010
+)
+
+type SessCheck struct {
+	*Enum
+}
+
+// NewSessCheck 初始化权限校验对象
+func NewSessCheck(code int64, desc ...string) *SessCheck {
+	return &SessCheck{
+		NewEnum(code, desc...),
+	}
+}
+
+// NeedCheck 是否需要登录状态校验
+func (sc *SessCheck) NeedCheck() bool {
+	return sc.GetCode() != notSession.code
+}
+
+// CheckUserSession 校验是否需要用户Session
+func (sc *SessCheck) CheckUserSession() bool {
+	return needUserSession.code == (sc.GetCode() & needUserSession.code)
+}
+
+// CheckEntSession 校验是否需要企业Session
+func (sc *SessCheck) CheckEntSession() bool {
+	return needEntSession.code == (sc.GetCode() & needEntSession.code)
+}
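Review bot: The doc comment on `NewSessCheck` is the same text as the one on `NewAuthCheck` ("initialise the permission check object"), so it describes the wrong type. I would change it to `// NewSessCheck builds a session-check flag set: bit 0 = user session required, bit 1 = enterprise session required.`, which also documents the encoding that the unexported `needUserSession`/`needEntSession` values define.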

+ 53 - 0
common/enum/enum_test.go

@@ -0,0 +1,53 @@
+package enum
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestSessionCheck(t *testing.T) {
+	// 0 -> 00000000
+	needNoSession := NewSessCheck(0)
+	fmt.Printf("needNoSession ============\nneedCheck %v \nuserId %v \nentId:%v\n", needNoSession.NeedCheck(), needNoSession.CheckUserSession(), needNoSession.CheckEntSession())
+
+	// 1 -> 00000010
+	needUserSession := NewSessCheck(1)
+	fmt.Printf("needUserSession  ============\nneedCheck %v \nuserId %v \nentId:%v\n", needUserSession.NeedCheck(), needUserSession.CheckUserSession(), needUserSession.CheckEntSession())
+
+	// 2 -> 00000010
+	needEntSession := NewSessCheck(2)
+	fmt.Printf("needEntSession  ============\nneedCheck %v \nuserId %v \nentId:%v\n", needEntSession.NeedCheck(), needEntSession.CheckUserSession(), needEntSession.CheckEntSession())
+
+	// 3 -> 00000011
+	needEntAndUserSession := NewSessCheck(3)
+	fmt.Printf("needEntAndUserSession  ============\nneedCheck %v \nuserId %v \nentId:%v\n", needEntAndUserSession.NeedCheck(), needEntAndUserSession.CheckUserSession(), needEntAndUserSession.CheckEntSession())
+
+	// 4 -> 00000100
+	otherSession := NewSessCheck(4)
+	fmt.Printf("needFullerSession  ============\nneedCheck %v \nuserId %v \nentId:%v\n", otherSession.NeedCheck(), otherSession.CheckUserSession(), otherSession.CheckEntSession())
+
+	//is not need
+
+}
+
+func TestStatusCheck(t *testing.T) {
+	// 0 -> 00000000
+	needNoStatusCheck := NewAccountCheck(0)
+	fmt.Printf("needNoStatusCheck ============\nneedCheck %v \nuserId %v \nentId:%v\n", needNoStatusCheck.NeedCheck(), needNoStatusCheck.CheckUserAccount(), needNoStatusCheck.CheckEntAccount())
+
+	// 1 -> 00000010
+	needUserStatus := NewAccountCheck(1)
+	fmt.Printf("needUserAccount  ============\nneedCheck %v \nuserId %v \nentId:%v\n", needUserStatus.NeedCheck(), needUserStatus.CheckUserAccount(), needUserStatus.CheckEntAccount())
+
+	// 2 -> 00000010
+	needEntStatus := NewAccountCheck(2)
+	fmt.Printf("needEntAccount  ============\nneedCheck %v \nuserId %v \nentId:%v\n", needEntStatus.NeedCheck(), needEntStatus.CheckUserAccount(), needEntStatus.CheckEntAccount())
+
+	// 3 -> 00000011
+	needEntAndUserStatus := NewAccountCheck(3)
+	fmt.Printf("needEntAndUserStatus  ============\nneedCheck %v \nuserId %v \nentId:%v\n", needEntAndUserStatus.NeedCheck(), needEntAndUserStatus.CheckUserAccount(), needEntAndUserStatus.CheckEntAccount())
+
+	// 4 -> 00000100
+	otherStatus := NewAccountCheck(4)
+	fmt.Printf("otherStatus  ============\nneedCheck %v \nuserId %v \nentId:%v\n", otherStatus.NeedCheck(), otherStatus.CheckUserAccount(), otherStatus.CheckEntAccount())
+}
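Review bot: Neither `TestSessionCheck` nor `TestStatusCheck` asserts anything; they only print with `fmt.Printf`, so a regression in the bit logic that gates session and account checks would still pass. Each case should pin the expected result, e.g. `if c := NewSessCheck(1); !c.NeedCheck() || !c.CheckUserSession() || c.CheckEntSession() { t.Fatalf("code 1: unexpected flags") }`, and `AuthCheck` has no test at all. The case for code 4 should assert whatever behaviour is intended for unknown bits. The comment `// 1 -> 00000010` is wrong in both tests and should read `// 1 -> 00000001`.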

+ 10 - 14
common/util.go

@@ -1,16 +1,12 @@
 package common
 
-import (
-	"math"
-)
-
-// SplitPower 多维权限拆解
-// xyz【1需要 0 不需要】
-// SplitPower(1001)=[]bool{true,false,false,true}
-func SplitPower(power, num int) []bool {
-	boolArr := make([]bool, num)
-	for i := 0; i < num; i++ {
-		boolArr[num-i-1] = power/int(math.Pow(10, float64(i)))%10 == 1
-	}
-	return boolArr
-}
+//// SplitPower 多维权限拆解
+//// xyz【1需要 0 不需要】
+//// SplitPower(1001)=[]bool{true,false,false,true}
+//func SplitPower(power, num int) []bool {
+//	boolArr := make([]bool, num)
+//	for i := 0; i < num; i++ {
+//		boolArr[num-i-1] = power/int(math.Pow(10, float64(i)))%10 == 1
+//	}
+//	return boolArr
+//}
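Review bot: `SplitPower` is commented out rather than deleted, which leaves dead code describing the old decimal-digit encoding next to the new bit-flag one. Since version control keeps the history, I would remove the block (and the file, if nothing else lives in it) so readers do not mistake the old `xyz` scheme for the current contract.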

+ 7 - 8
core/proxy/middleware/filterFuncs.go

@@ -1,7 +1,6 @@
 package middleware
 
 import (
-	"bp.jydev.jianyu360.cn/BaseService/gateway/common"
 	. "bp.jydev.jianyu360.cn/BaseService/gateway/common/gatecode"
 	"bp.jydev.jianyu360.cn/BaseService/gateway/core/proxy/rpc"
 	"bp.jydev.jianyu360.cn/BaseService/gateway/core/router"
@@ -9,7 +8,6 @@ import (
 	"github.com/gogf/gf/v2/os/gcfg"
 	"github.com/gogf/gf/v2/os/gctx"
 	"github.com/gogf/gf/v2/util/gconv"
-	"net/http"
 	"strings"
 )
 
@@ -21,9 +19,10 @@ func filterBefore(r *ghttp.Request) error {
 	ctx := router.GetGContext(r.GetCtx())
 	rule := ctx.RouterRule
 
-	if rule.SessCheck != 0 {
-		sessionPower := common.SplitPower(rule.SessCheck, 2)
-		uCheck, eCheck := sessionPower[0], sessionPower[1]
+	if rule.SessCheck.NeedCheck() {
+
+		uCheck, eCheck := rule.SessCheck.CheckUserSession(), rule.SessCheck.CheckEntSession()
+
 		if uCheck && ctx.Sess.UserId == "" {
 			return NewErrorWithCode(GLOBAL_ERR_NOTLOGIN)
 		}
@@ -32,14 +31,14 @@ func filterBefore(r *ghttp.Request) error {
 		}
 
 		//	用户身份注入请求体中
-		if (uCheck || eCheck) && r.Request.Method == http.MethodPost {
+		if uCheck || eCheck {
 			infusionIdentity(r, ctx.Sess, rule.AppId)
 		}
 	}
 
 	//校验账户状态,校验认证状态
-	if rule.AccountCheck != 0 || rule.AuthCheck != 0 {
-		if err := rpc.CheckAccountStatus(ctx.Sess.EntId, ctx.Sess.UserId, rule.AuthCheck, rule.AccountCheck); err != nil {
+	if rule.AccountCheck.NeedCheck() || rule.AuthCheck.NeedCheck() {
+		if err := rpc.CheckAccountStatus(ctx.Sess.EntId, ctx.Sess.UserId, rule); err != nil {
 			return err
 		}
 	}
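Review bot: With the `r.Request.Method == http.MethodPost` condition removed, `infusionIdentity` now runs for every method whenever a session bit is set, yet the comment above the call still says the identity is injected into the request body. `infusionIdentity` is outside this diff, so it cannot be confirmed here that it handles body-less requests (GET, HEAD) or that it overwrites identity fields supplied by the client rather than merging with them. A comment at the call site stating the intended behaviour would help, e.g. `// inject identity for all methods; infusionIdentity must overwrite any client-supplied identity values`. Separately, `rule.SessCheck`, `rule.AccountCheck` and `rule.AuthCheck` are now pointers, and the `NeedCheck()` calls will panic if a Router is ever built without them. `filterBefore` starts before and continues past these hunks.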

+ 10 - 17
core/proxy/rpc/userCenter.go

@@ -1,8 +1,8 @@
 package rpc
 
 import (
-	"bp.jydev.jianyu360.cn/BaseService/gateway/common"
 	. "bp.jydev.jianyu360.cn/BaseService/gateway/common/gatecode"
+	"bp.jydev.jianyu360.cn/BaseService/gateway/core/router"
 	"bp.jydev.jianyu360.cn/BaseService/userCenter/rpc/pb"
 	"bp.jydev.jianyu360.cn/BaseService/userCenter/rpc/usercenter"
 	"fmt"
@@ -24,28 +24,21 @@ func initUserCenterRpc() {
 }
 
 // CheckAccountStatus 校验企业认证状态及账户状态
-//  authCheck 是否需要认证;xy  x个人 y企业 0:否 1是,
-//  statusCheck是否需要检查状态(冻结);xy  x个人 y企业 0:否 1是,
-func CheckAccountStatus(entId int64, userId string, authCheck, statusCheck int) error {
-	if authCheck == 0 && statusCheck == 0 {
+func CheckAccountStatus(entId int64, userId string, rule *router.Router) error {
+	if rule.AuthCheck.GetCode() == 0 && rule.AccountCheck.GetCode() == 0 {
 		return nil
 	}
 
-	authCheckArr := common.SplitPower(authCheck, 2)
-	statusCheckArr := common.SplitPower(statusCheck, 2)
-	authUser, authEnt := authCheckArr[0], authCheckArr[1]
-	statusUser, statusEnt := statusCheckArr[0], statusCheckArr[1]
-
 	//查询个人状态
-	if authUser || statusUser {
-		if userErr := checkPersonalStatus(userId, authCheck == 2, statusCheck == 2); userErr != nil {
+	if rule.AuthCheck.CheckUserAuth() || rule.AccountCheck.CheckUserAccount() {
+		if userErr := checkPersonalStatus(userId, rule.AuthCheck.CheckUserAuth(), rule.AccountCheck.CheckUserAccount()); userErr != nil {
 			return userErr
 		}
 	}
 
 	//查询企业状态
-	if authEnt || statusEnt {
-		if entErr := checkEntStatus(entId, authCheck == 1, statusCheck == 1); entErr != nil {
+	if rule.AuthCheck.CheckEntAuth() || rule.AccountCheck.CheckEntAccount() {
+		if entErr := checkEntStatus(entId, rule.AuthCheck.CheckEntAuth(), rule.AccountCheck.CheckEntAccount()); entErr != nil {
 			return entErr
 		}
 	}
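Review bot: Under the new bit semantics, any rule whose `check_auth` or `check_status` has bit 0 set reaches `checkPersonalStatus`, which (last hunk of this file) still returns `GLOBAL_ERR_UNFINISH` unconditionally. Those routes are therefore rejected for every caller. That fails closed, but it should be deliberate: either implement the personal check or mark the call site, e.g. `// TODO: checkPersonalStatus is a stub and always returns GLOBAL_ERR_UNFINISH`. `CheckAccountStatus` also dereferences `rule`, `rule.AuthCheck` and `rule.AccountCheck` without a nil check, and its early return could reuse `NeedCheck()` instead of comparing `GetCode()` with 0. Taking `*router.Router` makes the rpc package depend on the router package; passing the two enum values would keep the signature narrower.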
@@ -53,7 +46,7 @@ func CheckAccountStatus(entId int64, userId string, authCheck, statusCheck int)
 }
 
 // checkEntStatus 校验企业状态
-func checkEntStatus(entId int64, authCheck, statusCheck bool) error {
+func checkEntStatus(entId int64, authCheck, accountCheck bool) error {
 	res, err := UserCenterRpc.CheckEnt(gctx.New(), &pb.CheckEntReq{
 		EntId: entId,
 	})
@@ -62,7 +55,7 @@ func checkEntStatus(entId int64, authCheck, statusCheck bool) error {
 	}
 
 	//校验是否冻结
-	if statusCheck && res.Data.FrozenStatus == 1 {
+	if accountCheck && res.Data.FrozenStatus == 1 {
 		return NewErrorWithCode(GLOBAL_ERR_ENTACCOUNT_STATUS, fmt.Sprintf("企业账户 %d 已被冻结", entId))
 	}
 
@@ -84,6 +77,6 @@ func checkEntStatus(entId int64, authCheck, statusCheck bool) error {
 }
 
 // checkPersonalStatus 校验个人状态账户状态
-func checkPersonalStatus(userId string, authCheck, statusCheck bool) error {
+func checkPersonalStatus(userId string, authCheck, accountCheck bool) error {
 	return NewErrorWithCode(GLOBAL_ERR_UNFINISH, "checkPersonalStatus")
 }

+ 4 - 3
core/router/manager.go

@@ -2,6 +2,7 @@ package router
 
 import (
 	"bp.jydev.jianyu360.cn/BaseService/gateway/common/db"
+	"bp.jydev.jianyu360.cn/BaseService/gateway/common/enum"
 	. "bp.jydev.jianyu360.cn/BaseService/gateway/common/gatecode"
 	"fmt"
 	"github.com/gogf/gf/v2/net/ghttp"
@@ -33,10 +34,10 @@ func InitRouterManager() (*Manager, error) {
 		router := gconv.String(row["url"])
 		routerRule := &Router{
 			Status:       gconv.Int(row["status"]),
-			SessCheck:    gconv.Int(row["check_sess"]),
 			PowerCheck:   gconv.Int(row["check_power"]),
-			AccountCheck: gconv.Int(row["check_status"]),
-			AuthCheck:    gconv.Int(row["check_auth"]),
+			SessCheck:    enum.NewSessCheck(gconv.Int64(row["check_sess"])),
+			AccountCheck: enum.NewAccountCheck(gconv.Int64(row["check_status"])),
+			AuthCheck:    enum.NewAuthCheck(gconv.Int64(row["check_auth"])),
 			BlackCheck:   gconv.Int(row["check_blacklist"]) == 1,
 			Deduct:       gconv.Int(row["deduct_source"]),
 			FuncCode:     gconv.String(row["function_code"]),
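Review bot: The values read from `check_sess`, `check_status` and `check_auth` are now interpreted as bit flags, whereas the removed `SplitPower` path read them as decimal digits (`xy`), and no data migration is visible in this commit. If the table still holds old-style values, their meaning changes silently. Decimal 10 (previously user only) is binary 1010, so it now requires only the enterprise check, and 1 (previously enterprise only) now requires only the user check. I would migrate the rows together with this change and validate at load time, e.g. `if c := gconv.Int64(row["check_sess"]); c < 0 || c > 3 { return nil, fmt.Errorf("route %q: invalid check_sess %d", router, c) }`, with the same check for the other two columns. `InitRouterManager` starts before and continues past this hunk.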

+ 15 - 13
core/router/router.go

@@ -1,17 +1,19 @@
 package router
 
+import "bp.jydev.jianyu360.cn/BaseService/gateway/common/enum"
+
 type Router struct {
-	Status       int    // 0:冻结不可用 1:正常可用
-	SessCheck    int    // session校验 xy x校验userId y校验endId 0不需要 1需要
-	PowerCheck   int    // 是否权限校验,1需要 0 不需要
-	AccountCheck int    // 是否需要检查状态(冻结);xy x校验用户 y校验企业 0不需要 1需要
-	AuthCheck    int    // 身份校验;xy x校验用户 y校验企业 0不需要 1需要
-	Deduct       int    // 扣减来源;0:不扣减 1:前置代理(默认:1) 2:后端应用(必须返回后端应用)3:后台应用自行扣减
-	TimeOut      int64  // 接口超时提醒,单位毫秒;默认500毫秒
-	AppId        string // 平台标识
-	BlackCheck   bool   // 是否校验黑名单 【是否校验黑名单; 0:不需要 1:需要】
-	FuncCode     string // 功能代码
-	MiddleCode   string // 中台代码
-	ReqUrl       string // 请求地址
-	Remark       string // 路由备注信息
+	Status       int                // 0:冻结不可用 1:正常可用
+	PowerCheck   int                // 是否权限校验,1需要 0 不需要
+	SessCheck    *enum.SessCheck    // session校验 xy x校验userId y校验endId 0不需要 1需要
+	AccountCheck *enum.AccountCheck // 是否需要检查状态(冻结);xy x校验用户 y校验企业 0不需要 1需要
+	AuthCheck    *enum.AuthCheck    // 身份校验;xy x校验用户 y校验企业 0不需要 1需要
+	Deduct       int                // 扣减来源;0:不扣减 1:前置代理(默认:1) 2:后端应用(必须返回后端应用)3:后台应用自行扣减
+	TimeOut      int64              // 接口超时提醒,单位毫秒;默认500毫秒
+	AppId        string             // 平台标识
+	BlackCheck   bool               // 是否校验黑名单 【是否校验黑名单; 0:不需要 1:需要】
+	FuncCode     string             // 功能代码
+	MiddleCode   string             // 中台代码
+	ReqUrl       string             // 请求地址
+	Remark       string             // 路由备注信息
 }
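Review bot: The field comments on `SessCheck`, `AccountCheck` and `AuthCheck` still describe the old decimal `xy` scheme (x = user, y = enterprise, each 0 or 1), while the new types test bit 0 for user and bit 1 for enterprise. Anyone configuring routes from these comments would write 10 or 11 and get a different set of checks than intended. I would update them to state the bit encoding, e.g. `// session check flags: 1 = user session, 2 = enterprise session, 3 = both, 0 = none`. The `endId` in the SessCheck comment also looks like a typo for `entId`.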