🐛 fix session bug

2024-11-17 20:02:59 +08:00
parent 34c4690f80
commit 78a162a19a
72 changed files with 1304 additions and 453 deletions
--- a/app/core/api/internal/middleware/casbinverify_middleware.go
+++ b/app/core/api/internal/middleware/casbinverify_middleware.go
@@ -0,0 +1,29 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/casbin/casbin/v2"
+)
+
+type CasbinVerifyMiddleware struct {
+	casbin *casbin.CachedEnforcer
+}
+
+func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer) *CasbinVerifyMiddleware {
+	return &CasbinVerifyMiddleware{
+		casbin: casbin,
+	}
+}
+
+func (m *CasbinVerifyMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userId := r.Context().Value("user_id")
+		correct, err := m.casbin.Enforce(userId, r.URL.Path, r.Method)
+		if err != nil || !correct {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+		next(w, r)
+	}
+}
--- a/app/core/api/internal/middleware/securityheaders_middleware.go
+++ b/app/core/api/internal/middleware/securityheaders_middleware.go
@@ -15,7 +15,7 @@ func NewSecurityHeadersMiddleware() *SecurityHeadersMiddleware {

 func (m *SecurityHeadersMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		middleware.SecurityHeadersMiddleware(w, r)
+		middleware.SecurityHeadersMiddleware(r)
 		next(w, r)
 	}
 }