🐛 fix the casbin invalidation bug/adjust routing strategy

router/modules/client_router.go

@@ -0,0 +1,12 @@
+package modules
+
+import (
+	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/api"
+)
+
+var clientApi = api.Api.ClientApi
+
+func ClientRouter(router *gin.RouterGroup) {
+	router.GET("/client/generate_client_id", clientApi.GenerateClientId)
+}

router/modules/oauth_router.go

@@ -12,7 +12,6 @@ func OauthRouter(router *gin.RouterGroup) {
 	{
 		wechatRouter := group.Group("/wechat")
 		{
-			wechatRouter.GET("/generate_client_id", oauth.GenerateClientId)
 			wechatRouter.GET("/get_temp_qrcode", oauth.GetTempQrCode)
 			//wechatRouter.GET("/callback", oauth.CallbackVerify)
 			wechatRouter.POST("/callback", oauth.CallbackNotify)
@@ -34,5 +33,4 @@ func OauthRouter(router *gin.RouterGroup) {
 		}
 		group.GET("/get_device", oauth.GetUserLoginDevice)
 	}
-
 }

router/modules/permission_router.go

@@ -9,6 +9,8 @@ var permissionApi = api.Api.PermissionApi
 
 func PermissionRouter(router *gin.RouterGroup) {
 	group := router.Group("/auth/permission")
-	//group.Use(middleware.JWTAuthMiddleware())
-	group.POST("/add", permissionApi.AddPermissions)
+	{
+		group.POST("/add", permissionApi.AddPermissions)
+		group.GET("/get_user_permissions", permissionApi.GetUserPermissions)
+	}
 }

router/modules/role_router.go

@@ -3,14 +3,15 @@ package modules
 import (
 	"github.com/gin-gonic/gin"
 	"schisandra-cloud-album/api"
-	"schisandra-cloud-album/middleware"
 )
 
 var roleApi = api.Api.RoleApi
 
 func RoleRouter(router *gin.RouterGroup) {
 	group := router.Group("/auth")
-	group.Use(middleware.JWTAuthMiddleware())
-	group.POST("/role/create", roleApi.CreateRole)
-	group.POST("/role/add_role_to_user", roleApi.AddRoleToUser)
+	{
+		group.POST("/role/create", roleApi.CreateRole)
+		group.POST("/role/add_role_to_user", roleApi.AddRoleToUser)
+	}
+
 }

router/modules/swagger_router.go

@@ -8,10 +8,10 @@ import (
 	"schisandra-cloud-album/global"
 )
 
-func SwaggerRouter(router *gin.Engine) {
+func SwaggerRouter(router *gin.RouterGroup) {
 	docs.SwaggerInfo.BasePath = ""
 	docs.SwaggerInfo.Description = global.CONFIG.Swagger.Description
-	router.GET("/api/doc/*any", gin.BasicAuth(gin.Accounts{
+	router.GET("/doc/*any", gin.BasicAuth(gin.Accounts{
 		global.CONFIG.Swagger.User: global.CONFIG.Swagger.Password,
 	}), ginSwagger.WrapHandler(swaggerFiles.Handler, func(config *ginSwagger.Config) {
 		config.Title = global.CONFIG.Swagger.Title

router/modules/user_router.go

@@ -3,7 +3,6 @@ package modules
 import (
 	"github.com/gin-gonic/gin"
 	"schisandra-cloud-album/api"
-	"schisandra-cloud-album/middleware"
 )
 
 var userApi = api.Api.UserApi
@@ -16,15 +15,18 @@ func UserRouter(router *gin.RouterGroup) {
 		userGroup.POST("/phone_login", userApi.PhoneLogin)
 		userGroup.POST("/reset_password", userApi.ResetPassword)
 	}
-	authGroup := router.Group("auth").Use(middleware.JWTAuthMiddleware()).Use(middleware.CasbinMiddleware())
-	{
-		authGroup.GET("/user/list", userApi.GetUserList)
-		authGroup.GET("/user/query_by_uuid", userApi.QueryUserByUuid)
-
-	}
 	tokenGroup := router.Group("token")
 	{
 		tokenGroup.POST("/refresh", userApi.RefreshHandler)
 	}
+}
+
+// UserRouterAuth 用户相关路由 有auth接口组需要token验证
+func UserRouterAuth(router *gin.RouterGroup) {
+	authGroup := router.Group("auth")
+	{
+		authGroup.GET("/user/list", userApi.GetUserList)
+		authGroup.GET("/user/query_by_uuid", userApi.QueryUserByUuid)
+	}
 
 }

router/router.go

@@ -3,12 +3,15 @@ package router
 import (
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/api"
 	"schisandra-cloud-album/global"
 	"schisandra-cloud-album/middleware"
 	"schisandra-cloud-album/router/modules"
 	"time"
 )
 
+var oauth = api.Api.OAuthApi
+
 func InitRouter() *gin.Engine {
 	gin.SetMode(global.CONFIG.System.Env)
 	router := gin.Default()
@@ -18,25 +21,40 @@ func InitRouter() *gin.Engine {
 		return nil
 	}
 	router.Use(middleware.RateLimitMiddleware(time.Millisecond*100, 20)) // 限流中间件
-	publicGroup := router.Group("api")
 	// 跨域设置
-	publicGroup.Use(cors.New(cors.Config{
+	router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{global.CONFIG.System.Web},
 		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
-		AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type", "Authorization", "X-CSRF-Token", "Accept-Language"},
+		AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type", "Authorization", "X-CSRF-Token", "Accept-Language", "X-Request-Id"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
 	}))
 	// 国际化设置
-	publicGroup.Use(middleware.I18n())
+	router.Use(middleware.I18n())
+
+	publicGroup := router.Group("api") // 不需要鉴权的路由组
+	authGroup := router.Group("api")   // 需要鉴权的路由组
+	authGroup.Use(
+		middleware.JWTAuthMiddleware(),
+		middleware.CasbinMiddleware(),
+		middleware.CheckClientMiddleware())
+
+	checkClientGroup := router.Group("api") // 需要检查客户端的路由组
+
+	checkClientGroup.Use(middleware.CheckClientMiddleware())
+
+	modules.ClientRouter(publicGroup)    // 注册客户端路由
+	modules.SwaggerRouter(publicGroup)   // 注册swagger路由
+	modules.WebsocketRouter(publicGroup) // 注册websocket路由
+
+	modules.CaptchaRouter(checkClientGroup) // 注册验证码路由
+	modules.SmsRouter(checkClientGroup)     // 注册短信验证码路由
+	modules.OauthRouter(checkClientGroup)   // 注册oauth路由
+	modules.UserRouter(checkClientGroup)    // 注册鉴权路由
+
+	modules.UserRouterAuth(authGroup)   // 注册鉴权路由
+	modules.RoleRouter(authGroup)       // 注册角色路由
+	modules.PermissionRouter(authGroup) // 注册权限路由
 
-	modules.SwaggerRouter(router)         // 注册swagger路由
-	modules.UserRouter(publicGroup)       // 注册鉴权路由
-	modules.CaptchaRouter(publicGroup)    // 注册验证码路由
-	modules.SmsRouter(publicGroup)        // 注册短信验证码路由
-	modules.OauthRouter(publicGroup)      // 注册oauth路由
-	modules.WebsocketRouter(publicGroup)  // 注册websocket路由
-	modules.RoleRouter(publicGroup)       // 注册角色路由
-	modules.PermissionRouter(publicGroup) // 注册权限路由
 	return router
 }