fix(security):修复在获取用户会话以后，用户会话不存在的情况下依旧会保存至上下文的问题。

2022-08-12 17:02:44 +08:00 · 2022-08-12 17:02:44 +08:00 · 7064c26e5e
commit 7064c26e5e
parent b213b32325
2 changed files with 21 additions and 6 deletions
--- a/router/router.go
+++ b/router/router.go
@ -32,7 +32,7 @@ func Recover(c *gin.Context) {
 			//打印错误堆栈信息
 			log.Printf("panic: %v\n", r)
 			debug.PrintStack()
-			response.NewResult(c).Error(500, "服务器内部错误")
+			// response.NewResult(c).Error(500, "服务器内部错误")
 		}
 	}()
 	//继续后续接口调用
--- a/security/security.go
+++ b/security/security.go
@ -3,6 +3,7 @@ package security
 import (
 	"electricity_bill_calc/cache"
 	"electricity_bill_calc/model"
 	"log"
 	"net/http"
 	"strings"
@ -18,7 +19,7 @@ func SessionRecovery(c *gin.Context) {
 		token := strings.Fields(auth)[1]
 		session, err := cache.RetreiveSession(token)
-		if err == nil {
+		if err == nil && session != nil {
 			c.Set("session", session)
 		}
 	}
@ -29,7 +30,11 @@ func SessionRecovery(c *gin.Context) {
 // ! 通过该中间件以后，是可以保证上下文中一定具有用户会话信息的。
 func MustAuthenticated(c *gin.Context) {
 	session, exists := c.Get("session")
-	if _, ok := session.(*model.Session); !exists || session == nil || !ok {
+	if !exists || session == nil {
 		c.AbortWithStatus(http.StatusForbidden)
 		return
 	}
 	if _, ok := session.(*model.Session); !ok {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	c.Next()
@ -39,7 +44,10 @@ func MustAuthenticated(c *gin.Context) {
 // ! 通过该中间件以后，是可以保证上下文中一定具有用户会话信息的。
 func EnterpriseAuthorize(c *gin.Context) {
 	session, exists := c.Get("session")
-	if sess, ok := session.(*model.Session); !exists || !ok || sess.Type != 0 {
+	if !exists || session == nil {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	if sess, ok := session.(*model.Session); !ok || sess.Type != 0 {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	c.Next()
@ -49,7 +57,10 @@ func EnterpriseAuthorize(c *gin.Context) {
 // ! 通过该中间件以后，是可以保证上下文中一定具有用户会话信息的。
 func ManagementAuthorize(c *gin.Context) {
 	session, exists := c.Get("session")
-	if sess, ok := session.(*model.Session); !exists || !ok || (sess.Type != 1 && sess.Type != 2) {
+	if !exists || session == nil {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	if sess, ok := session.(*model.Session); !ok || (sess.Type != 1 && sess.Type != 2) {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	c.Next()
@ -59,7 +70,11 @@ func ManagementAuthorize(c *gin.Context) {
 // ! 通过该中间件以后，是可以保证上下文中一定具有用户会话信息的。
 func OPSAuthorize(c *gin.Context) {
 	session, exists := c.Get("session")
-	if sess, ok := session.(*model.Session); !exists || !ok || sess.Type != 2 {
+	log.Printf("[debug]session exists: %v, %v \n", exists, session)
 	if !exists {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	if sess, ok := session.(*model.Session); !ok || sess.Type != 2 {
 		c.AbortWithStatus(http.StatusForbidden)
 	}
 	c.Next()