feat: support permission check api

2021-08-04 11:05:54 +08:00 · 2021-08-04 11:05:54 +08:00 · 8764270f47
parent 2ef85d9aae
commit 8764270f47
3 changed files with 51 additions and 0 deletions
--- a/http/http_funcs.go
+++ b/http/http_funcs.go
@ -225,6 +225,20 @@ func loginUsername(c *gin.Context) string {
 		username = headerUsername(c)
 	}

+	if username == "" {
+		remoteAddr := c.Request.RemoteAddr
+		idx := strings.LastIndex(remoteAddr, ":")
+		ip := ""
+		if idx > 0 {
+			ip = remoteAddr[0:idx]
+		}
+
+		if ip == "127.0.0.1" {
+			//本地调用都当成是root用户在调用
+			username = "root"
+		}
+	}
+
 	if username == "" {
 		ierr.Bomb(http.StatusUnauthorized, "unauthorized")
 	}
--- a/http/router.go
+++ b/http/router.go
@ -308,6 +308,9 @@ func configRoutes(r *gin.Engine) {
 		v1.POST("/tag-metrics", GetMetrics)
 		v1.POST("/tag-pairs", GetTagPairs)
 		v1.GET("/check-promql", checkPromeQl)
+
+		v1.GET("/can-do-op-by-name", login(), canDoOpByName)
+		v1.GET("/can-do-op-by-token", login(), canDoOpByToken)
 	}

 	push := r.Group("/v1/n9e/series").Use(gzip.Gzip(gzip.DefaultCompression))
--- a/http/router_auth.go
+++ b/http/router_auth.go
@ -56,3 +56,37 @@ func logoutGet(c *gin.Context) {
 	session.Save()
 	renderMessage(c, nil)
 }
+
+func canDoOpByName(c *gin.Context) {
+	user, err := models.UserGetByUsername(queryStr(c, "name"))
+	dangerous(err)
+
+	if user == nil {
+		renderData(c, false, err)
+		return
+	}
+
+	can, err := user.CanDo(queryStr(c, "op"))
+	renderData(c, can, err)
+}
+
+func canDoOpByToken(c *gin.Context) {
+	userToken, err := models.UserTokenGet("token=?", queryStr(c, "token"))
+	dangerous(err)
+
+	if userToken == nil {
+		renderData(c, false, err)
+		return
+	}
+
+	user, err := models.UserGetByUsername(userToken.Username)
+	dangerous(err)
+
+	if user == nil {
+		renderData(c, false, err)
+		return
+	}
+
+	can, err := user.CanDo(queryStr(c, "op"))
+	renderData(c, can, err)
+}