ZiHangQin/electricity_bill_calc_service
1
0
Fork 0
forked from free-lancers/electricity_bill_calc_service
Code Pull Requests Activity

fix(security):修复在获取用户会话以后,用户会话不存在的情况下依旧会保存至上下文的问题。

Browse Source
This commit is contained in:
徐涛
2022-08-12 17:02:44 +08:00
parent b213b32325
commit 7064c26e5e
2 changed files with 21 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
security/security.go
View File

@@ -3,6 +3,7 @@ package security
import (
"electricity_bill_calc/cache"
"electricity_bill_calc/model"
"log"
"net/http"
"strings"
@@ -18,7 +19,7 @@ func SessionRecovery(c *gin.Context) {
token := strings.Fields(auth)[1]
session, err := cache.RetreiveSession(token)
if err == nil {
if err == nil && session != nil {
c.Set("session", session)
}
}
@@ -29,7 +30,11 @@ func SessionRecovery(c *gin.Context) {
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
func MustAuthenticated(c *gin.Context) {
session, exists := c.Get("session")
if _, ok := session.(*model.Session); !exists || session == nil || !ok {
if !exists || session == nil {
c.AbortWithStatus(http.StatusForbidden)
return
}
if _, ok := session.(*model.Session); !ok {
c.AbortWithStatus(http.StatusForbidden)
}
c.Next()
@@ -39,7 +44,10 @@ func MustAuthenticated(c *gin.Context) {
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
func EnterpriseAuthorize(c *gin.Context) {
session, exists := c.Get("session")
if sess, ok := session.(*model.Session); !exists || !ok || sess.Type != 0 {
if !exists || session == nil {
c.AbortWithStatus(http.StatusForbidden)
}
if sess, ok := session.(*model.Session); !ok || sess.Type != 0 {
c.AbortWithStatus(http.StatusForbidden)
}
c.Next()
@@ -49,7 +57,10 @@ func EnterpriseAuthorize(c *gin.Context) {
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
func ManagementAuthorize(c *gin.Context) {
session, exists := c.Get("session")
if sess, ok := session.(*model.Session); !exists || !ok || (sess.Type != 1 && sess.Type != 2) {
if !exists || session == nil {
c.AbortWithStatus(http.StatusForbidden)
}
if sess, ok := session.(*model.Session); !ok || (sess.Type != 1 && sess.Type != 2) {
c.AbortWithStatus(http.StatusForbidden)
}
c.Next()
@@ -59,7 +70,11 @@ func ManagementAuthorize(c *gin.Context) {
// ! 通过该中间件以后,是可以保证上下文中一定具有用户会话信息的。
func OPSAuthorize(c *gin.Context) {
session, exists := c.Get("session")
if sess, ok := session.(*model.Session); !exists || !ok || sess.Type != 2 {
log.Printf("[debug]session exists: %v, %v \n", exists, session)
if !exists {
c.AbortWithStatus(http.StatusForbidden)
}
if sess, ok := session.(*model.Session); !ok || sess.Type != 2 {
c.AbortWithStatus(http.StatusForbidden)
}
c.Next()